[thewataccount]

Yeah you can try obfuscating it, but in general you need to assume plain text access to anything you send the client.

The only exceptions are basically some really hardcore DRM like denuvo and hardware certificated drm. Even those aren't safe from deteremined people.