The best you can do with Python is to obscure things.
- Strip out all docstrings
- Distribute only the .pyc compiled files.
- freeze it
- Obscure your constants inside a class/module so that help(config) doesn't show everything
You may be able to add some additional obscurity by encrypting part of it and decrypting it on the fly and passing it to eval(). But no matter what you do someone can break it.
None of this will stop a determined attacker from disassembling the bytecode or digging through your api with help, dir, etc.
