I want to point out that the encryption of scripts exists only to make it moderately more difficult for a “hacker” to access your source code. We don’t want scripts to exist in plain text in the archive (which is the case for HTML5 where we can’t use LuaJIT). What we can do as an additional step, although it won’t matter much in the long run, is to move the key outside of the repo and inject it at build time.
As a developer I wouldn’t worry much about the source code. It the game as a whole I’d be more concerned about or your game idea. @Pkeod has done a great job with HTML5 games to advocate for domain locking your games so that they can’t be copied as is. And when it comes to protecting your game idea it’s an uphill battle. There are companies that are super skilled at cloning existing games and releasing with deceptively similar names and with similar graphics.