Our security policy does not allow us to expose our source code to clients.
Typically, in the ColdFusion world a sourceless distribution is carried out by running the code through cfcompile.sh
Unfortunately, code that is precompiled is in my experience not portable across different Operating Systems. I am now looking into alternatives to obfuscate the actual source code.
Do you see any other option besides the precompilation option in the ColdFusion world?
You can use the cfencode executable located in the bin directory to "Encode" the templates in an unreadable manner. This works across all platforms, and has been a feature of ColdFusion for a long time, so it goes back many versions as well.
It should be noted that there are third party utilities to decode the encoded cfm templates to get the source code again. It is a keeping honest people honest solution.
you might want to check out the cfcompile utility:
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=deploying_5.html
two of the features are:
Precompiling ColdFusion pages: Precompile your application's CFM pages into Java class files. At runtime, ColdFusion does not have to compile CFM pages.
Sourceless distribution: Create CFM pages as Java bytecode. You can deploy these CFM pages instead of CFML source code.