I am not sure I understand your question, but Godot’s source is available to the public https://github.com/godotengine/godot, so you can compile everything yourself, with whatever options make you feel secure. You can strip libraries from the main engine and use only bare minimum of things you use and need in your game. For example, if you are making a 2D game, you can remove all 3D components from the engine during compilation with one simple disable_3d=yesoption.
“Exporting” games means generating an archive with your project’s data (data.pck) and copying the Godot runtime binary as executable to run the project data.
This runtime binary is the same as the editor binary, albeit without editing tools. So basically you should be as concerned about exporting games with pre-compiled binaries than you should be about using the pre-compiled editor binary.
What really is prompted here is ability to avoid hacks that give player the unfair perks, especially when it comes to multiplayer features (even if these are just on client side).
It’s not easy for everyone to modify an exported game. Compiled C++ is not straightforward to modify (although possible if you talk x86/amd64 bytecode fluently).
Scripts can be encrypted through the export options in Godot (Scene → Project Settings → Scripts).
However it appears some resources are still in text format even after export, according to this issue: https://github.com/godotengine/godot/issues/6709
So if someone opens an exported game with notepad and finds a location in the +30Mo where text can be seen, the game can be slightly altered.
As said before, you can still compile the engine with whatever you think is good for you, however I have no idea how export will work if export templates are already obfuscated.
If your game is really security-sensitive towards modification of the binaries/assets, I know this option, some people like it, others don’t: https://www.easyanticheat.net/
Robocraft, the game i’m working on, is using it, and it helped a lot reducing the amount of hackers. It’s valuable for online games if you can’t afford implementing security checks yourself. However it’s not free, I don’t know of alternatives yet
Do you have any idea how script encryption can affect performance?
Additionally to your answer (if someone afraids about to have assets stolen): it seems to me that assets can be easily extracted from apk for Android builds and the same probably holds for data.pck.