b) because I can
Thaaaaat's a negative. You can hide the mission as well as you'd like, but nothing's going to stop someone going into the .vp, copying it, and loading it up in the simulator. You can add checks to stop someone launching it from the simulator, and the player can remove them just as easily. You can get into an obfuscation arms-race if you want, but all you're doing is making your mission more complicated (and introducing the possibility of bugs while you're at it); if a player wants to cheat into the mission, they'll, because they've got all the data there already.
It's like the old "how do I stop someone copy-pasting an image from my Web page question"? The answer is, you don't. By the time someone can see the image in their browser, they're in control of it. You can try to shut off the right-click menu through Javascript, but someone can always disable Javascript; you can render it as a Flash file or <canvas> element, but they can take a screenshot. So you watermark your image or put a banner asking people not to steal your images, because there's no solution.
...hell, even if you did find some
effectively unbreakable system, nothing stops the player from ~k-ing their way through the entire campaign.
Now, I mean, there's nothing wrong with having an Easter egg mission or w/e, but
going out of your way to hide it is an exercise in futility. The checks you have in place seem fine.