This question was raised in the webinar "Enhance your product with industry-leading processors - for no upfront license fee.”
On-chip firmware can be somewhat protected by compiling it as "execute only" code, and using hardware method to suppress data loads from this memory in the production chip.
The processor can also be coupled with ARM TrustZone® CryptoCell to offer enhanced security. Full TrustZone security in a Cortex-M0 like footprint is available in the Cortex-M23 processor, which is available for licensing. If you wish to implement security in a DesignStart processor we recommend Cortex-M3, which, when combined with the right software (e.g. mbed OS), can offer software isolation.