Anything in your image will be in your image. Generally if you have secrets that you don’t want someone to read, then you would not include those in the image. Instead, you would provide them at runtime.
For example, my private SSL key and certificate probably don’t belong in a general-purpose web server image. I’d expect to share the SSL files in at runtime instead of at build time:
docker run -v /path/to/secret/stuff:/certs -d -p 443:443 mywebserver
If you are talking about source code, then you are going to face this issue whether you use Docker or not. In order for your code to execute, it must be present. One approach that is common is to use some sort of obfuscation element to make it difficult to read what your program does. The obfuscated code is what would get distributed.
Hopefully this helps.
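An added example, not part of the original post: a Python check that walks every layer of a `docker save` archive and reports files holding a PEM private key, so a key baked in at build time is caught before the image ships. The function names and the in-memory sample image are constructed for illustration; the sample mimics a key added in one layer and deleted (via a `.wh.` whiteout entry) in the next, and assumes the `manifest.json` / `Layers` layout that `docker save` writes.

```python
import io
import json
import re
import tarfile

# Matches PKCS#8, RSA, EC, OPENSSH and ENCRYPTED PEM private-key headers.
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")

def find_private_keys(image_tar: bytes):
    """Return (layer, path) for each file in any layer that holds a PEM private key."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_tar), mode="r:*") as outer:
        manifest = json.load(outer.extractfile("manifest.json"))
        for entry in manifest:
            for layer_name in entry["Layers"]:
                blob = outer.extractfile(layer_name).read()
                with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as layer:
                    for member in layer:
                        # Only the first 4 KiB is read; PEM headers sit at the top.
                        if member.isfile() and PEM_KEY.search(
                                layer.extractfile(member).read(4096)):
                            hits.append((layer_name, member.name))
    return hits

def make_tar(files: dict) -> bytes:
    """Build an uncompressed tar archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image() -> bytes:
    """Constructed sample: layer1 adds a fake key, layer2 'deletes' it with a whiteout."""
    fake_key = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-NOT-A-REAL-KEY\n-----END PRIVATE KEY-----\n"
    layer1 = make_tar({"certs/server.key": fake_key})
    layer2 = make_tar({"certs/.wh.server.key": b"", "index.html": b"<h1>ok</h1>"})
    manifest = json.dumps([{"Layers": ["layer1.tar", "layer2.tar"]}]).encode()
    return make_tar({"manifest.json": manifest, "layer1.tar": layer1, "layer2.tar": layer2})

if __name__ == "__main__":
    print(find_private_keys(build_sample_image()))
```

To check a real image, write it out with `docker save mywebserver -o image.tar` and pass the file's bytes to `find_private_keys`.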