Daniel,

You can't prevent decompilation of NET assemblies.

Assuming you aren't dealing with classical hackers for whom the challenge itself is a reward, IMHO protection in 2007 means making the hack difficult enough that it isn't worth it.

For a $95 app, obfuscation is probably enough. You mention renaming of methods/properties to a,b,c ... those are also overloaded so it can be quite an effort to discover what particular "a" is being referenced. Try it!

For something more complex e.g. involving sensitive algorithms, one of the commercial obfuscators with declarative obfuscation and realtime decompression/decryption is probably enough. Again, not perfect- if the app can decrypt and run itself, so can a determined hacker.

For extremely precious IP with competitive advantage or that involves big $$$, an onsite dedicated server maintained by your firm is usually sufficient. Still not perfect: there are tools out there that allow you to "recover" administrator passwords, so you'd need to prevent physical access to the server as well.

The next step is to run your app as a remote service so that the hacker cannot easily get access to the app or the machine it runs on. Still not perfect: if there's real value in it, it doesn't take long to break in and steal a server. So once you reach this level you need to think about vaults etc etc.

Somewhere in the middle there's the issue of your own personnel: a disenchanted employee can negate all your precautions if they can be persuaded to hand over the source.