Good question.
I know in Java, you can obfuscate your class files into a jar using something like ProGuard, and unzip the Java add-in, change jars, re-zip etc. I assume you can obfuscate your code before you package the add-in.
Does your client have access to the internet? What about moving your algorithms to a web service and have your add-in call the web service? Anyone who decompiles your add-in will only see how to make the call to your web service, and they can probably abuse it, but they won't know the implementation of the algorithm.
You could also give your client a username/password that authenticates to your web service via your add-in, then you can control who can make requests to your web service.
I guess it depends on what your add-in is doing with respect to whether or not you can pass ArcObjects references around via web services. If you look at ArcGIS Online, all geoprocessing is now based on web services.
These are just ideas.