This may not quite answer your question, but I do have a way for distributing access solutions securely and take these steps.
Typically I have 4 dbs.
1. An accde which contains modules only (not password protected)
2. an accdb which contains customer data tables only and is password protected
3. an accdb which contains system/control tables plus related system forms and is password protected (different password)
4. an accdb (the user db) which contains all forms and queries and might or might not be password protected. I also set navigation off and hide the access window so that the user cannot use the shift key to get into the system. In terms of tables, the only ones linked are the ones in db 2. The ones in db 3 are accessed by DAO via db 1.
The reason for having 2 & 3 is for ease of maintenance and to hide visibility of the user table in 3 which has the access rights
In the code for 4, 1 is referenced as a library. Incidentally, I put all sensitive code in 1 so forms in 4 typically simply have a call to the function or sub in 1
Forms and tables in 3 are accessed only by a call through a function or sub in 1 which in turn is controlled by a function in 1 which determines the access level of the user based on the windows logon and machine id's
I don't change 4 to an ACCDE because a number of the routines need to create temporary forms to display as a subform - and you can't create new forms in an ACCDE.
I don't combine 3 and 1 together, although in theory there is no change because I would then need to password protect it and you can't have a password protected ACCDE as a library.
All four db's need to reside in the same directory since I use currentproject.path to determine where everything is. The library file (1) could be located elsewhere, but often users don't have the access rights to place it there.
Finally, the benefit of using a combination of windows logon and machineID means if the system is copied to a different location (e.g. someone wants to take it home) it won't work at all - in fact I have a sneaky routine which will, after other identity checks will lock everything up and ask for an email to be sent to me asking for the unlock code and will delete the contents of db's 2-4 if necessary.
It's a bit complex and I'm sure someone could break in with enough time but it does for me!