Let say I want to mess with particular site and inject some function there to interact with the page. Can then website admin check that by checking window object if there are only function defined by him, and if there are differences beam back by ajax to his server, so in fact can my code be stealed/looked upon in that way ?
If you inject code in the global context of a website that website could use JavaScript to detect this and, by using .toString() on your functions, get the sourcecode of the injected functions.
However, that's pretty unlikely and you can always put most of your code into an anonymous self-executing function that only uses proxy functions when registering events etc. which then call your actual logic - and those functions would not be accessible outside the anonymous closure.
(function() {
function doCrazyStuff() { /* OMG THIS IS TOP SEKRET! */ }
function crazyStuffProxy() { doCrazyStuff(); }
window.onload = crazyStuffProxy;
});
Now someone with access to window could get the code of crazyStuffProxy but would have no way of accessing doCrazyStuff.
Of course this only applies if you don't inject all your code using <script> tag. But since you tagged your question opera-extension your code probably runs in a different context except the code you actually add to the window or DOM elements so that shouldn't be a problem...