YES and NO. The code itself is mostly meaningless unless your proprietary code has huge exploits that are easy to find. Anything that is not proprietary – themes, plugins and wordpress core, the hacker already has an access to and will not gain any more insight into possible exploits in it by looking into your backup.
But there is one php file – wp-config.php which you need to protect at all cost. This file contains the DB credentials and the slating values for the authentication cookies, and might contain other thing like FTP credentials.
The DB info is dangerous as all I need to do in order to break into your site if you are on a hared hosting is to open an account on the same server if the MySQL server is located on the same hardware and then I can access your DB and make any modification I would like. For hosts with dedicated MySQL server it is even easier as all I need is an account tht will be on the same network.
Getting knowledge of your authentication cookie salting is less dangerous if you are a victim of a random hacker, but it can be used to construct a valid password from your cookie. OTOH, if you are serious about security then you will not let anyone to login to the site over unencrypted HTTP so that might not be a real security problem in practice.