10

Oracle stored program units (procedures, functions, packages and types) can be obfuscated using the WRAP functionality.

Apart from the generic arguments about 'security through obscurity', are there any specific issues in using the wrapping functionality?

Gary

2 Answers

8

There are unwrappers available for code wrapped with the Oracle 10g and 11g mechanism. These include both an online 'unwrapper' and the source code of an unwrapper written in Python.

As such, wrapping will do little to prevent someone with that level of access obtaining the source code.

Additional indicators of the nature of the code can be obtained using the *_DEPENDENCIES views, through an SQL trace or use of DBMS_TRACE.

The dependency views will show which tables and other objects might be called from the program, either directly or indirectly. The SQL trace will show the SQLs executed as a result of a particular call to a procedure. This can include 'bind variables', for example showing the salt used in an encryption call. The DBMS_TRACE is not usually installed, but when installed and enabled it can be used to track the path taken through the code, in terms of line numbers and procedure/function calls.

To protect code from being analysed, the first recourse should be to use packages. With procedures and functions, the entirety of the code is available to any database user who has been given permission to execute the program. With packages, only the specification (program name and argument names/datatypes) is available, and the actual code in the body is only visible to the owner of the program and those with high database privileges (normally DBAs).

Rory Alsop
Gary
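An audit sketch for the points made in the answer above, as an added example that is not part of either answer: it lists standalone procedures and functions that other users can execute, flags which units are wrapped, and shows what the dependency views still disclose. The schema name `APP_OWNER` is hypothetical, the wrapped check is a heuristic on the first source line, and the queries assume an account that can read the `DBA_*` views.

```sql
-- Added example; APP_OWNER is a hypothetical schema name.
-- Run as a user with SELECT access to the DBA_* dictionary views.

-- 1. Standalone procedures/functions with EXECUTE granted to other users.
--    The answer above states that grantees can read this code, so these
--    are the candidates for moving logic into a package body.
SELECT o.owner, o.object_name, o.object_type, p.grantee
FROM   dba_objects o
JOIN   dba_tab_privs p
       ON  p.owner      = o.owner
       AND p.table_name = o.object_name
WHERE  o.owner       = 'APP_OWNER'
AND    o.object_type IN ('PROCEDURE', 'FUNCTION')
AND    p.privilege   = 'EXECUTE'
ORDER  BY o.object_name, p.grantee;

-- 2. Which stored units are wrapped.
--    Heuristic (assumption): wrapped source carries the keyword "wrapped"
--    on line 1 of its entry in the source view.
SELECT s.owner, s.name, s.type,
       CASE WHEN LOWER(s.text) LIKE '%wrapped%'
            THEN 'WRAPPED' ELSE 'CLEAR' END AS source_state
FROM   dba_source s
WHERE  s.owner = 'APP_OWNER'
AND    s.line  = 1
ORDER  BY s.type, s.name;

-- 3. What the dependency views reveal about each unit, wrapped or not:
--    the tables and other objects it references outside SYS/PUBLIC.
SELECT d.name, d.type,
       d.referenced_owner, d.referenced_name, d.referenced_type
FROM   dba_dependencies d
WHERE  d.owner = 'APP_OWNER'
AND    d.referenced_owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY d.name, d.referenced_name;
```

Rows from query 3 for a unit that query 2 reports as `WRAPPED` show the metadata that wrapping leaves readable.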
2

It would appear that PL/SQL source text wrapping is not useful to eliminate the technical means to read PL/SQL code, but rather to accomplish one or more of the following goals.

  1. To discourage novice software developers from relying on implementations rather than interfaces for packages and types. So source text wrapping could tend to avoid backward compatibility problems if and when those implementations are revised.
  2. To support a claim that if anyone would read those implementations, then that person would transgress the DMCA law in the United States, or at least would demonstrate an intention to read those implementations in the face of measures that are clearly intended to render them difficult to read.
  3. To prevent people who are quite casual about the task and quite constrained in their resources from obtaining the program text.
minopret