From a desktop focus:
Raw on disk: anyone can access it
In a zip: anyone can access it
In a jar: anyone that knows a jar is a zip can access it
In a j3o: only folks who know what a j3o is and how to access that in a JME application can access it. (A significantly smaller set of people than the above.)
Rename extension to .foo but it’s still a .j3o: only highly motivated folks who bother to look deeply enough to figure out that it is the same can access it.
…now we are already in the realm of “JME developer” level person.
.j3o/.foo with custom control: only a JME developer who knows how to link in your .jars into their custom app can access your assets
literally any other protection you can think of short of decription in the shader: a JME developer who knows how to run your application within their application and/or hook into your application (add a key mapping in input manager for example) can access and dump anything they want. (And note that decryption in the shader is only a ‘takes a little longer to figure out’ style stumbling block)
How much effort do you want to expend to work towards diminishing returns. Already a j3o cuts out most of the world’s population.