Hi
You should never store sensitive stuff in the app - client side. Just as a rule of thumb. Put it on the server and do some sort of exchange protocol based on authenticated/autorisation.
If you like to protect your Intellectual Property, you can reduce the burden by assuring your deploy only prod builds (ionic build --prod) so the source code gets minified and ugflified. But, reverse engineering, given enough incentive, is unavoidable. Also avoid publishing your sourcemaps.
Once in a while I bump into webapps (pro ones) with sourcemap or even dev builds, so that is easy library building.
Regards
Tom