Ember is a frontend framework, so all security has to happen on your backend.
If you are shipping the code to the client, anyone with access can read it. Putting the code behind login with rails would stop unauthorised people seeing your code (as long as you ensure you are actually authing access to the file, which is not the case by default for rails static assets).
Can you elaborate why you wouldn't want authorized clients to see how your app is structured?
I would like to understand if my above concern is valid, and also what others are doing to mitigate these risks when writing a private app with ember where you don't necessarily want a user to really be able to understand and have easy access to your ER Model and Biz logic just by looking at your .JS file.