A common misconception when building Cordova applications (which is what we use to create native packages when using frameworks like Ionic), is that the source code for those applications are secure because they are bundled into a single .ipa or .apk file. However, it is quite easy to download any Cordova application from the app store and poke around in the source code.
This is not a security flaw in Cordova, it is just an important concept to understand, and you should design your applications with this in mind.