A .iq is actually a .zip file, with the manifest, and directory for each device you support, and the .prg file for that device in that directory, so the question is really only about .prg files. When you submit stuff to the store, there are no .mc files included
.prg files are compiled versions of your code and don't contain source code either. Depending on how you build, a .prg may include debug symbols, so a ciq_log.txt can provide more info.
I supose someone could try to turn the compiled code back into something, but I'd guess that would take far more time than just building it from scratch. And the same would be true if you put it in the app store or just emailed the .prg to someone.
Jim is correct, but I thought I'd throw in an "official" comment. :)
Technically, anything could be reverse engineered given enough time and insight, but the reward for doing so with a PRG is relatively small. The PRG is a compiled binary of the app, so there is no source code contained within it. Someone would have to figure out our entire binary format before they could manage to de-compile the PRG. I think someone skilled enough to do it would more likely just code their own app.
So, yes, it's safe to share apps with others. Like any software, I'd be careful about accepting apps from anyone, but we've designed the system so the worst thing that could happen with a bad PRG is that the watch will crash. That's annoying, but not detrimental.
