Let's assume that after a few years of work I would have a 3D game ready, that can be downloaded by millions of people worldwide, it would be a game running on a client-server model.
As far as I understand anyone can look at other people's source code if they possess the .jar (the client one in this case). What are the risks of other people having a client .jar?
The checking part (anti-cheating) will be done on the server side anyway, so I doubt there will be much risk here, but I'm just wanting to have a good view of what can exactly happen, so to be more precise I'm asking the following questions:
I thought about putting it up on gamedev, but I think it's better suited here as it is directly about a programming language - Java - and an abstract programming problem.
On this one, I should emphasize that all opinions are my own and do NOT necessarily reflect those of my employer.
No, they can't look at your source code if they've got the jar. They can decompile it into equivalent source code, which will be significantly harder to read but can be figured out... just as they could dis-assemble object code (which would, admittedly, be a bit harder to figure out). Code obfuscation will indeed slow them down, but the folks who would do this are used to dealing with that too. Java is more vulnerable than some other languages to being reverse-engineered.
Copy protection generally works only to keep honest people honest. Luckily, most folks are at least moderately honest. The dishonest treat it as a free puzzle included with your product. You can slow them down. But realistically, you can't stop them unless you use specific kinds of hardware-assisted security (basically, running critical parts of the program inside a separate encapsulated machine) -- which tends to drive the cost up and/or annoy people enough that they avoid your product. Most companies have instead moved to a model of requiring that code be registered in order to get upgrades, support, online services, or whatever... and to either pricing it with the assumption that some piracy is going to occur, or pricing low enough that pirating it just isn't worthwhile.
Or, for commercial code, going after the pirated copies in court. For serious code, most companies are very aware that they have much more to lose by allowing a pirated copy onto the premises than they can save by pirating; I've seen employees fired on the spot for making a pirated copy at work.
In fact some companies have made "pirating" part of their business model. "If you got this program from a friend, and you like it, please consider sending us money to support the developers and/or buying an upgrade to the current version." Surprisingly, for good products, many folks are perfectly willing to pay voluntarily. Not everyone, but it helps.
Addressing your questions about alteration of the code:
I AM NOT A LAWYER, AND YOU SHOULD CONSULT ONE FOR THIS QUESTION, but my best understanding is that you have no new liability. If they mess up the code, that's their fault and their problem.
In a singleplayer environment, all they can do is mess with their own copy. If they break it, that's their problem. If they cheat, they're only cheating themselves out of the gaming experience they paid for.
Multiplayer is a much larger problem; if they reverse-engineer the game they can mess with your databases and other player's experience of the game. The only way to solve this, as far as I know, is to design your servers to (a) only allow the client to do things which can't cause much damage, and (b) watch player actions to try to detect abuse and kick abusing players out of the system. It's annoying, but it's the reality. And if you can show that you've made a reasonable effort to do this, it should guard you against any possible liability at this level.... but again, I AM NOT A LAWYER and free legal advice from programmers is like free programming advice from lawyers...
Building their own game mirroring yours: If you can detect that they're accessing your servers, that's legally actionable. If you've got something as simple as Tetris or Minehunter then you're going to get knock-offs and unless you're willing to go after them in court there isn't much you can do about it except by offering upgrades and so on to registered players that the knock-offs won't get. if you've written something complicated, then for the effort of duplicating yours they could create their own so this is less likely to be a problem than pure piracy is.
And as far as industrial-level piracy in the far east etc... Again, there really isn't a good answer.
If you find a solution that actually works, THAT should be your product; the world will beat a path to your door. But in the long run, I really don't think it's possible; all you can do is slow them down and use copyright and license agreements, and build a loyal enough fan base that they'd rather work with you than against you.