I will chime in with some info;
First thing, if a resource is accessible on the internet through a browser, it can be downloaded, modified, and reuploaded, by whoever can access it, with readily available tools, most of them built into nearly every desktop web browser. If a resource gets used by a client, you can be sure it can be saved, and reproduced.
More specifically, the HTML5 Runtime is written pretty much solely using web technology that is served 100% to the client when in use, this includes the runtime code, your apps specific fusion bytecode, and all its sounds/graphics. All of this is loaded up front, or on demand by the runtime.
Unfortunately, its pretty much 100% impossible to stop anyone from copying and using a public internet resource, but we do take heavy steps to deter the behavior, and make it very difficult to do so in the HTML5 Runtime, and I will not say its not impossible, but its a bit above non-trivial to de-obfuscate the runtime.js code and understand it after its been 'compiled', however, the real challenging task would be going through and reverse engineering an apps fusion formatted bytecode by hand, since its not laid out in a datastructure, but read byte-by-byte in the html5 runtime. For the most part, the code behind your apps is fairly difficult to get from HTML5 apps, therefore 'safer' in a sense, but the graphics / sounds / runtime code are all readily available.
Again, all that said, you must not trust that anything that anyone can access publicly from the internet cannot, or will not, be stolen, copied, and / or redistributed, its just part of the nature of the WWW.