This is how PhoneGap apps work, so no, there's nothing you can change on config.xml to change this behavior.
You can attempt to obfuscate your code, but my suggestion is that you don't bother (beyond the regular minification you would do normally). Don't bother with encrypting it either.
Native code has a similar problem as it is trivial to decompile the code and figure out what's going on. This is why it's important not to have anything that constitutes a secret in your code.
Thanks. This makes sense, but what has us confused is that when building iOS or Android apps with PhoneGap they are compiled (ipa or apk), but with Windows 10 apps they are not.
Just FYI: if you rename those IPA or APK files to ZIP and extract them, the contents of the www folder are plainly visible there as well.