It prevents the code from being read back with a programmer. At its most basic, if you follow the programmer specification, the copying person will say "darn it, I can't do it."
However, over the years various hacks have been found, new security procedures have been created, and new hacks introduced. An example might be creating a high or low voltage spike on Vdd/Vpp/clk at a critical point to create a glitch in the PIC's logic that makes it ignore the code protection status. It requires some research, and usually some skill.
The real problem is that, code protected or not, once you have a copy of the chip's memory you don't have a C, BASIC, or assembly source file. Just a bunch of hex. This is fine for cloning chips exactly, but getting code you can update, maintain, or just take out the critical pieces you want to steal requires serious disassembler skills. One could then ask why anybody that skilled wouldn't just try to write their own code.
Typically for amateur-type projects it's not worthwhile to try to steal code.
However, over the years various hacks have been found, new security procedures have been created, and new hacks introduced. An example might be creating a high or low voltage spike on Vdd/Vpp/clk at a critical point to create a glitch in the PIC's logic that makes it ignore the code protection status. It requires some research, and usually some skill.
As far as I'm aware, that only worked on the 16C84 (which was why it was replaced by the 16F84) - it also required a number of programmed chips, as you were as likely to kill them as unprotect them.
The real problem is that, code protected or not, once you have a copy of the chip's memory you don't have a C, BASIC, or assembly source file. Just a bunch of hex. This is fine for cloning chips exactly, but getting code you can update, maintain, or just take out the critical pieces you want to steal requires serious disassembler skills. One could then ask why anybody that skilled wouldn't just try to write their own code.
Disassembly isn't a problem, MPLAB even does it, or WinPicProg does it better - but obviously you ONLY get assembler code back, you can't recover a high level source code from a HEX dump. You can tell when it was created by a C compiler though, they usually produce really horrible assembly code!.
But as you say, it may well be easier to just write your own program in the first place - however it's reading the code out which is the problem, not handling it afterwards. Common methods include dissolving the encapsulation and mechanically attacking the chip under a microscope.
my fave hack I saw described was to pry off the top and shine a light on the code lock section which allowed the hacker to read the flash memory. I'm also aware of several east european labs that will, for a fee, take a chip and send you a hex.
bottom line - cp is good enough to prevent casual prying eyes but not really anyone who is only slightly determined.