How to package securely, so the end user can't see the source code?

Package with py2exe. http://py2exe.org Follow tutorial diligently as it can be tricky to use. Make sure to install correct version for your version of python. In general it comes for python 2.7 and greater or python 3 and greater. PS: If your program has a GUI, change the setup parameter from console to window. (You will know when you get there.) You can also use cython (the c extension for python) to turn python bytecode files into dlls before packaging them so that they can't be easily turned back into the source code. But if you are distributing to people that won't have a clue how to convert python bytecode back into source code, then don't worry about using cython.

You can always encrypt the code with a key, and have it unlock itself on run. Or just package it in a .exe

It is impossible. They can always read the logic. You may compile your python scripts into assembly language commands using cython, so it would be much harder to understand what is coming on. But with relatively large amount of time, every program can be dissassembled. If you have to hide the code, build client-server application, hold sensitive logic on your server, distribute clients.