Assumption is that you are using MS Access and have a multi-user environment set up.
First - Absolutely NOTHING is 100% secure.
Easiest solution is to convert your production version of the .mdb to .mde - This will compile your code and not allow the users access to the forms, queries and code that makes your application work. (Tools/Database Utilities/Make MDE File)
This isn't fool proof, but it would cause your co-worker additional effort which might make him/her decide to go bother someone else.
Being that you already know who did this, using the built-in Security wouldn't be of much help.
This sort of "joke" is not something you play on your friends, so you probably have another issue to deal with also.