You need to understand that the browser MUST have source in order to display a page to the user, readable source and only readable source is what the browser uses. No matter what steps you take to make it difficult for a user to see that code the bottom line is that the source must be available to the browser somehow and thus the source is also going to be available to you users.
The key is simply not putting anything into the source that could be used to compromise your site and trust absolutely nothing that comes from the web. That's where server side code comes in, use code on the server to validate all the data you receive from a user and to prevent the user from seeing any passwords or other sensitive information. The server side code can generate the "source" that's passed to the user's browser.
Also make sure your web server is set up so the user must execute the server side code, leave no door open for the user to download the code regardless of whether it's a script (PHP,PERL, ASP....) or a compiled program (C++, Pascal...). That's where you want to protect your code.