As far as refactoring the key out, writting it in unmanaged might not help if they kill the call site from managed to unmanaged. One option you have with obfuscation if your using Dotfuscator professional is to enable their "Tamper Detection" essentially they tag your assembly and if someone modifies you can have your code do various things. Of course the hacker can remove this but its a lot more sweat and tears.
