Best you can do: don't use Archer, use either something from Google or from Typekit.
Typekit uses many layers of protection, and implementing them would be difficult and not worth the time.
Second best thing: at least Base-64 encode the font, and limit woff usage to your domain only. Still trivial to hack, and doesn't really count as good protection, but better than what it is now. And you would still be violating ToS.