I personally don't worry about it very much. In my specific case, the strategy has quite a few moving pieces, and I don't think it'd be trivial for someone to copy it even if I gave them the source code to the primary automated piece.
If I were a little more paranoid, I'd probably be careful to have just compiled object code on the co-located server rather than source.
If I were more paranoid, I'd probably take steps to encrypt the file system.
If I were even more paranoid, I could write a thin client on the co-located server that downloads the application from my trusted/secure machine at startup every time, and ONLY executes from RAM.