How to protect shader code in a release product

Option 1: 

Obfuscate your source and continue to use clCreateProgramWithSource. Remove all comments and make variable and function names meaningless. This will still work on all platforms and devices.

Option 2: 

Only ship binary and use clCreateProgramWithBinary. The downside is that you'll have to pre-compile your program for all supported platforms and devices ahead of time and if your user has an unsupported device, you won't run on their hardware.

Option 3: 

Wait for OpenCL SPIR to be available everywhere. This is a portable intermediate representation that is lower-level than source but higher level than binary. It is not well supported yet, so not really an option yet.

maybe 

Use separate files and encrypt them with a text encryption
library, perhaps? 

You could also roll your own encryption/decryption
scheme using a key, depending on how secure you want the files to be. 

Even if you were to embed the shaders in the application
itself, a tool as simple as unix "strings" can be used to extract them.

that binary shaders in OpenGL are meant to reduce shader compile time, not for portable re-distribution.