Well, the .unity3d (Webplayer that is) file is just a container, which means: It's pretty easy to get the files out of the .unity3d file. When it's "unpacked" it's basically same folder structure than a Standalone Desktop project (with all the Assembly-CSharp.dll etc.).

The DLL themselves are (by default) very easy to disassemble. With a simple .NET Reflector, like ILSpy can make the C# code 100% readable, including variable names, method names, all classes. Everything.

Traditionally there are ways to obfuscate .NET Code, at least when using Visual Studio (the paid versions of course, not express) and it's built in obfuscator which will make the code much harder to read and get it's logic. Dunno if it works with Unity, but you could put all of your important code inside of a *.dll file and obfuscate the .dll inside of Visual Studio and place it in Unity.

Of course, this means: it won't work Unity Webplayer, as webplayers can't use .dlls/plugins (not sure about .NET dlls, correct me if I'm wrong)