Actually, there’s not too much you can do.
If an intruder has direct access to your site – where they can run get_option() or perform direct SQL queries – then you’ve already run into a problem. The safest bet here is to exercise your best judgement when installing new plugins.
In other words, the best plan of action is prevention. Don’t install plugins you don’t recognize or written by developers you don’t trust.
While you could use encryption to protect the data, remember that WordPress itself still needs access. So if WP can read the data, then anyone who can run get_option() can also read the data.