in reply to Restricting access to cgi source

My 2 cents

While I don't like the idea, your current market situation is understandable. So on that note

On the whole compilation issue. I don't believe that you will be able to compile once and deploy. More than likely you will need to compile at least once for Windows platforms (possibly more, I don't devel on that platform so I couldn't tell you), and more than likely you will need to compile per Linux/Unix variant. Which leads to all sorts of other issues, but that's a different post.

On the whole obfuscation, I think you are going to take a serious performance hit on munging/encrypting your code and demunging/decrypting during execution. (I think even if it is a persistent process, where you only decode once, and run forever, though that may lessen your hit). To the point that your product won't be near as responsive as it is now, and may in fact end up worse than a competitor's.

This is something I have looked at and reviewed many times, as I was considering consulting and providing "glue services" for lack of a better term. I finally came to the point where I decided it is in the customer's hands in my situation. I.e., they hire me, I state they can A) purchase the code outright, with provisions for me to reuse the code, but never the exact tweaks I provided for them (this costs more for them), or B) they can simply use the code, but it belongs to me and I can reuse at any other site I see fit.

This isn't exactly the situation you are in. If it is really important that others not get your code, then you need to think long and hard about who to give it to. If you need to jump through flaming hoops, in order to appease a small percentage of your client base / possible client base, and it detracts from the time you will spend improving the product and adding features, then is it really worth it? Theoretically you could implement your own Perl interpreter (see the panther book Advanced Perl Programming for a reasonable intro into how), and then add custom ops and checks into the interpreter itself. But that's more security through obscurity, which isn't usually good.

So I guess I don't have a lot to add aside from, I feel your pain, and maybe you should reconsider how much control you really want to relinquish to your client base. You should be in a position where you can say "I'm sorry, but that is an unacceptable use of our software. If you would like we can add another server, but we must retain control of the code".

On another note. You could allow the customer to install the code and CYA legally by requiring an NDA, but that just makes me shudder. It is an option though, and one which has had many legal precedents behind it. You could have it drafted up by a legal type and then provided all people who will be viewing the code have signed the NDA and also agreed to not distribute your code base nor replicate, you could allow them to install it on whatever hardware they want.

/* And the Creator, against his better judgement, wrote man.c */