The writeup you mention is very similar to a tact I’ve been sketching out as a preemptive measure. I was going to add a simple little decrypt (encoded entities or rot13) on the key URL’s so that even if you source the external javascript, it’s not obvious to the viewer who could simply copy/paste.
Did you ever do a writeup on the Javascript side of your efforts? I’ve done #1 and #2 for a while and it’s helped, but I want to move into the Javascript side. I probably won’t use Moderate because I close old entries.