I’ve been playing around with Wowza streaming cloud and stream publishing via WebRTC. I see that the player also use the same source connection information that is used for publishing streams. Is there any solution to stop people with the information from publishing streams.

Wowza Cloud cannot:

• Provide authenticated WebRTC publisher connection
  
  

Your options would be to use Streaming Engine instead for your WebRTC workflow where you’d have more security control for both publishing and playback:

https://www.wowza.com/docs/control-access-to-webrtc-publishing-and-playback#enhance-webrtc-publishing-and-playback-security-with-a-custom-http-provider

As far as Cloud, we don’t yet offer that level of security for WebRTC publishing, just encryption at playback.

It is fine with WebRTC publishing, but I also want to use WebRTC playback as well (bad delay with HLS playback) without exposing the publishing info to the public.

or at least with some form of security for webrtc playback