I am interested to hear how secure the source code is when compiled with MATLAB Compiler as of 2014? I read two threads on the subject from 2011 that states that there are security flaws.
In this thread from 2011 it is stated that the names of the source files are exposed to the users
In this thread from 2011 it is stated that m-files sometimes are exposed at obscure locations in the host system.
Do anyone know if these flaws have been addressed?
All applications produced by the MATLAB Compiler (and related toolboxes) include an embedded CTF archive. This archive is embedded in the generated component (standalone EXE, shared DLL, Java packes, .NET assemblies, etc..) along with a target-specific boilerplate code to expose it as a binary component of the expected format.
The CTF archive contains all the MATLAB source and data of the project files in an encrypted form (AES encryption). The archive is extracted when the application runs for the first time (to a configurable cache location), files are then decrypted and executed in the context of the MCR runtime. So even though there will be a bunch of visible M-files inside the cache directory, they all in an encrypted form (no clear text code is ever written to disk).
You can read more about this in the documentation.
The way I see it, there is no glaring flaw here, and there never was... I don't think the names of the source files is something one worries about exposing!