I've never heard of a single case where a startup made a claim against anyone based on such information. Nor is it necessary to protect oneself; commit logs should be fine for that.
Mr. Graham, do you take requests for essays? You've been on both sides of the table on this. What would you honestly tell your younger self about protecting your work from "bad guys?" What is worth worrying about, and what is not, in your estimation? That would be very cool.
We don't have to go back to my younger self: I constantly have to advise YC startups about this.
What I tell them is short enough to put here. The only effective protection is secrecy. But you never want to seem overtly secretive. So the optimal policy is to seem to be explaining everything about what you're doing, but to omit the important but non-obvious details that you get right but someone trying to reproduce your project would initially get wrong. By definition, no one who's not an expert will notice when such details are omitted.
Part 2: Err on the side of openness. Your valuable secrets are not as valuable as you think, and the danger of telling people stuff is not as great as you think.
