Hey Hoyle:
Using Kioskmode will keep the casual users from downloading your movies for nefarious purposes. You can further protect your movies using DeliVRator (and a whole lot more), but again, it ultimately only keeps the honest folks out.
With various QTParser scripts and other server shenanigans available, there isn't too much we can do to keep the real "black hats" out of our QT content. Kioskmode is easy to work around for anyone who understands paths and HTML, and being able to extract images and such from QT files is fairly easy for anyone with knowledge past that.
As with many things it's a trade-off -- you could put your copyright directly on your panoramic image in Photoshop before you render out the QTVR, making your image(s) less palatable for folks; this obviously goes against the 'creative' grain. The less accessible you make your images for the black hats, the less accessible you make them for other folks too.
At least, at this point (and I don't see any changes forthcoming), decompiling QT files is generally difficult and any scripting within is pretty well obfuscated even for those in the know; this is unlike Flash projects, where decompilers abound. I think even Thomas has fallen prey to the Flash sort of black hat.
There are other ways to obscure your QT content from would-be thieves -- use multiple layer movies, or streaming, or even compile your movies on-the-fly a la PHP or other server-side scripting -- but again, they can detract from the general experience and ultimately not dissuade the hacker.
If you ask this general question on the IVRPA forums, you migh get different answers; this is just my experience.
P