The only advanced protection method MPC5602D device offers is censorship.
Censorship feature is a way to prevent unauthorized access to the device. It can be achieved either by disabling of internal flash accesses or/and disabling of JTAG/Nexus client (protected by private password).
Customer will use Serial Password for downloading of user code to the RAM or JTAG Password for enabling debug of a censored device.
Details you may find under section 5.2 Boot Assist Module (BAM).
I must note it is very sensitive thing. It is needed to use it very carefully, because an inappropriate usage can lead in making the device useless. If user accidentally erases shadow flash/row, followed by reset, there is no chance to recover it (unless it had been though about before).
If the device is censored and user doesn’t have any pre-prepared recovery code located in the internal flash memory, there is no way how to unlock it and everything he can do is to order new sample device, and re-solder it instead of the censored one.
Q1) There is no way how to encrypt binary file over reverse engineering on this device. If third-party providers participates on the programming they will need JTAG/Serial Password allowing access to censored device as well, thus they could possibly reveal the password or original code. It is apparently needed to have signed some sort of agreement between this provider and you to avoid this.
Q2) I can imagine that device could have implemented some sort of flash resident bootloader, maybe it could manage some sort of decryption. Unfortunately I don’t know if some solution exists. Definitely there is no hardware support for such operation on this device.
Q3) No, I don’t think so.
