Best way to think of it is that it scrambles your code, but right before it runs it still needs to be unscrambled, so someone dedicated enough will be able to obtain the full source code (or at least byte code) anyway.

I hope my boss sees this because this is a very common misconception. This isn't the 90s where your only option for running code was to install it on the user's machine. You have other options. You have to assume that everything you install on a user device is no longer private. The only way to protect source code is to never distribute it in the first place, and only expose your software through web APIs.