You can try using Limit Usage under the layer's Settings. It needs to be a layer added from the web, so either re-add your hosted feature layer or add an unfederated server's service. (Help article: https://support.esri.com/en/technical-article/000017029). Then you can specify which URLs you want to be able to access the resource, like where you host the web application. Then even if someone tries to add it to an ArcGIS Online webmap, it errors out. For ESRI mobile apps, we found some strings that could be used to limit the usage to those SDKs to limit the use to Collector. (https://community.esri.com/message/692640-re-limiting-usage-on-layer-in-collector) Not sure if it would work exactly the same with Survey123 (especially if it's a web form vs app form), but could give you a place to start. This method allows any application built with these SDKs to access the item, but does help prevent people from editing it in AGO. If you need even more security on a public survey, I've had my users enter a password and if that text string matches the actual password, the rest of the questions appear. Some of those initially missing questions are required, so the survey can't be submitted without the password.
... View more