It is trivial for another developer to download your app's IPA, copy the mlmodelc bundle into their own app, and start using your model.
Of course, this is not legal (copyright infringement) but technically speaking it's really easy to do.
Encryption is possible but you have to implement this yourself. Out of necessity, the decryption key needs to be part of your app, which still makes it possible for someone to decrypt the model. Or the app needs to download the decryption key based on a login or a license code or whatever and only keep it around for the current session -- but even then can a dedicated enough attacker decrypt your model.
So it just depends on how difficult you want to make it.
An easy way to obfuscate the model is to pretend it's a different kind of file. You could zip up the mlmodelc folder and rename it to "SomeImage.jpg". Then at runtime, unzip this file and load your model from that folder. It won't stop a dedicated attacker but it will fool at least some people. ;-)