Seeing the contract doesn't mean it's in an easy to read format. Any software of sufficient size becomes something you need to put effort into analyzing, even if you have the source code. And that's ignoring the possibility of obfuscation. The stuff that is uploaded to the Ethereum blockchain and executed is bytecode for the Ethereum virtual machine. Which makes sense, because it's much easier to precisely define semantics and ensure that multiple different implementations behave exactly the same for a small VM than it is for higher level programming languages.
Some websites like etherscan show the source code with the version of the compiler which was used to compile it. I assume that it works by the author of the contract uploading the original source to the website as a gesture that there is nothing to hide. But not every author does that. Assuming a reproducible build, the website and anyone else who wants to can then verify that it's the original (or equivalent to the original) source code by compiling it with the specified compiler version. If the compiled output matches what's on the blockchain, it's then relatively safe to assume it's the original source code and analyze that instead of decompiling bytecode. There is still a chance that a clever person hid a backdoor by exploiting a bug or quirk of the compiler, making it harder to find unless you reverse engineer the compiled bytecode or are aware of the specific bug in that version of the compiler.
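A minimal version of the bytecode comparison described above, added here as an example (it is not from the thread and not any verifier's actual code). It assumes the locally compiled output is already available as a hex string, and all bytecode samples are constructed for illustration:

```python
# Added example: compare on-chain runtime bytecode against a local compile of the
# claimed source. Solidity compilers append a CBOR-encoded metadata blob (which
# embeds a hash of the sources) to the runtime bytecode; its last two bytes give
# the blob's length. That blob legitimately differs between otherwise identical
# builds (source path, comments), so verifiers usually compare the code with the
# tail stripped and report the metadata separately.
from dataclasses import dataclass


def strip_metadata(code: bytes) -> tuple[bytes, bytes]:
    """Split runtime bytecode into (executable code, CBOR metadata tail).

    Returns (code, b"") when no plausible tail is present."""
    if len(code) < 2:
        return code, b""
    meta_len = int.from_bytes(code[-2:], "big")
    total = meta_len + 2
    if meta_len == 0 or total > len(code):
        return code, b""
    tail = code[-total:]
    # Solidity metadata is a small CBOR map: first byte 0xa1..0xa3 for 1-3 keys.
    if tail[0] not in (0xA1, 0xA2, 0xA3):
        return code, b""
    return code[:-total], tail


@dataclass
class VerifyResult:
    code_matches: bool      # executable part identical (what actually runs)
    metadata_matches: bool  # full tail identical (compiler version, source hash)
    onchain_meta: bytes
    local_meta: bytes


def verify(onchain_hex: str, compiled_hex: str) -> VerifyResult:
    onchain = bytes.fromhex(onchain_hex.removeprefix("0x"))
    local = bytes.fromhex(compiled_hex.removeprefix("0x"))
    oc_code, oc_meta = strip_metadata(onchain)
    lc_code, lc_meta = strip_metadata(local)
    return VerifyResult(oc_code == lc_code, oc_meta == lc_meta, oc_meta, lc_meta)


# Constructed sample: identical executable code, metadata tails that differ only
# in the recorded compiler-version bytes (CBOR map {"solc": <3 bytes>}, 10 bytes,
# so the length suffix is 0x000a). A code match with a metadata mismatch is the
# case a verifier should surface rather than silently accept.
CODE = "6080604052348015600f57600080fd5b50"  # hypothetical runtime code
TAIL_A = "a164736f6c634300080f" + "000a"
TAIL_B = "a164736f6c634300081a" + "000a"
```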
This is the result of optimizing for storage constraints. Storage is expensive on the ETH blockchain, so compiled bytecode is sent to the blockchain instead of raw source.
That surprised me, I thought the whole point of these smart contracts was that everyone could see them, like the transactions that take place.