Access Control Applied on Streams/Videos



I am reading about Access Control for Users and i was able to apply an access control to restrict certain countries to view the stream.

My question is, this access control mainly applies on the media element and not on the actual stream itself, meaning that if a user guesses the HLS Stream URL for example by doing a wireshark and seeing from where the rtmp is being consumed on another computer i the authorized countries, he can simple point avplay to that stream url and bypass all the access controls.

My second question is, if a user tries to view source the html page where the kaltura player is loading, i see lot of javascripts showing some internal kaltura media data like the url of the thumbnail and the name of the media and its id. So my question is, can a user de-obfuscate this data and get access to the HLS url link too? How secure is it to have this javascript visible to the user?

Thank you again