This is no secret. You can extract the original .p3d file rather easily; it’s just tacked onto the end of a stub executable file. Just as easily as you can access, say, the original .pyc files from something packaged using py2exe, or the original .jar of a packaged Java application. You cannot, however, extract the original source code as .p3d files only contain .pyo files, which is optimised Python bytecode.
I realise that the opinions on this differ, but I don’t think it’s worth it to pursue the (arguably impossible) goal of preventing the user from accessing your compiled Python bytecode in some way or another. If you want to force verification of sensitive parts, though, you could use ppackage to generate a package for that part, upload it to a server, and compile your .p3d file against it (and set the verify_contents token during the pdeploy phase). This is explained in the manual.