google apps script - Source-code of Libraries used by WebApps visible to everybody?

Question

Having a similar constellation as in ScriptDb in Library accessed by WebApp, and also the answer given there applies to this question too:
When a published WebApp ( accessible by everybody and running as the accessing user) is using a Library, then this library needs to be shared to the public (to people having the link), otherwise there is the error
"You do not have access to library ..., used by your script, or it has been deleted."

So that means, that everybody having the link to my library can see all that precious source-code. The question is now, can somebody guess that link, which looks like

 https://script.google.com/a/macros/..../d/Mmov_2Lg8BnmygsjmTBZMqKFZSw7a2n3o/edit?template=default

or is this link neither contained in the web-content delivered to the one using the WebApp nor can it be derived easily from a (guessed) name of the library? That would be the case, if that string in the above link starting with Mmov_2Lg8B somehow is an encoded name and version-number of the library, and the algorithm works in both directions.
To summarize: The source code of a published WebApp is not visible to the user, but all libraries used by that App can be seen by everybody having the link to them. Is this link easily guessable? Or is there even a completely different way to keep the source-code of libraries private?

Answer 1

I initially thought the library key could be seen by inspecting the webapp, but that is not possible. So, you indeed need to share your library to "anyone with the link", but as long as you do not announce this link anywhere, one will not be able to find it just by using your web app.