One idea that could be used to protect certain key algorithms without
shoving the entire application onto a web server would be to set up a
web service to handle certain critical procedures and then return the
result.
Obviously there are limitations here, for one, the webserver would not
have full access to your data tables, so you would need to extract any
needed data and then transmit that to the web server (this could also be
a security issue).
Properly done, you could provide the end user with almost all of the
code while still holding onto key technology.
This is not a substitute for a good contract.
_Kevin