Can a custom NSURLProtocol be accessed from external code?

Question

My app registers a NSURLProtocol subclass that intercepts one specific URL. The protocol replies to requests with a secret key.

@implementation PrivateURLProtocol

// ignore everything besides keyURL
+ (BOOL)canInitWithRequest:(NSURLRequest *)request
{
    return [request.URL isEqual:keyURL];
}

// respond with secret key
– startLoading
{
    NSURLResponse *response = [[NSURLResponse alloc] initWithURL:self.request.URL
            MIMEType:@"text/plain" expectedContentLength:-1 textEncodingName:nil];
    [self.client URLProtocol:self didReceiveResponse:response
            cacheStoragePolicy:NSURLCacheStorageNotAllowed];

    NSData *data = [@"Swordfish" dataUsingEncoding:NSUTF8StringEncoding];
    [self.client URLProtocol:self didLoadData:data];
    [self.client URLProtocolDidFinishLoading:self];
}

// boilerplate
– (void)stopLoading { }
+ (NSURLRequest *)canonicalRequestForRequest:(NSURLRequest *)request {
    return request;
}

@end

Only my code and the libraries I link against should be able to see the key. How might an enterprising user obtain my secret key? Is this secure?

For those curious, this is part of a DRM setup. AVPlayer will request the key so it can play encrypted media.