If you are using OpenCPU, you will notice that anyone can access your /ocpu/library/[your_library]/R/ directory and see all the source code of your backend application. How can you prevent this from happening?
If you are using Apache, you can write a rule that rejects any HTTP request other than POST to the /ocpu/library/[your_library]/R/ address. This is easily done by modifying the /etc/apache2/sites-available/opencpu.conf file. You just have to add the following lines inside the <IfModule mod_R.c> block:
<Location /ocpu/library/[your_library]/R>
    SetHandler r-handler
    RHandler opencpu:::rapachehandler
    Require method POST
    SetOutputFilter DEFLATE
    SetInputFilter DEFLATE
</Location>
Remember to replace [your_library] with your actual library name.
Because only POST requests are allowed to that address, you will be able to execute that code, but not to read it. If you want to hide your /info file so that nobody can see your documentation, you can copy the previous block and change the route to /ocpu/library/[your_library]/info. You can do much the same with any path you want to hide. However, note that this trick will not work with anything stored in /data, as you must access it via GET.
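To confirm from the outside that the rule covers every path you meant to hide, the following added check (not part of the original post) sends GET and HEAD requests to the /R and /info routes and to individual function paths, and reports anything that is still readable. The library name mylib, the function name predict_score, the host ocpu.example.org and the stub server are assumptions made for the example.

```python
import urllib.error
import urllib.request

def http_status(base_url, method, path):
    """Send one body-less request and return the final HTTP status code."""
    req = urllib.request.Request(base_url.rstrip("/") + path, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx; the code is what we want

def audit(library, status_for, functions=(), hidden=("R", "info")):
    """Return (method, path, status) for every read request that got through.

    status_for(method, path) -> int is injected so the check can run against
    a live server or a stub. `functions` are names exported by the library
    (assumption: supplied by the caller); each is probed below /R as well,
    because the Location rule must cover nested paths, not just the listing.
    """
    paths = [f"/ocpu/library/{library}/{sub}" for sub in hidden]
    paths += [f"/ocpu/library/{library}/R/{fn}" for fn in functions]
    exposed = []
    for path in paths:
        for method in ("GET", "HEAD"):  # POST is not probed: it would execute code
            status = status_for(method, path)
            if status < 400:  # 2xx/3xx means the content was readable
                exposed.append((method, path, status))
    return exposed

def stub_server(protected_prefixes):
    """Constructed stand-in for Apache: 403 for non-POST under the prefixes."""
    def status_for(method, path):
        denied = method != "POST" and any(
            path == p or path.startswith(p + "/") for p in protected_prefixes)
        return 403 if denied else 200
    return status_for

if __name__ == "__main__":
    # Constructed scenario: /R has a Location block, /info was forgotten.
    partial = stub_server(["/ocpu/library/mylib/R"])
    for finding in audit("mylib", partial, functions=["predict_score"]):
        print("EXPOSED", *finding)
    # Against a real deployment (hypothetical host name):
    # audit("mylib", lambda m, p: http_status("https://ocpu.example.org", m, p))
```

An empty result means every probed path refused read access; /data is deliberately left out of the probe list because it has to stay reachable via GET.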
I would like it if you commented on any issues you think this might have.