For any encryption, you need a key. I don't see how i can hide that key to a user that starts looking in the sources.
This is where you use Publick Key technology.
You have a private key and a public key.
1) could be solved by not each correct answer offline, but an irreversibe hash of each correct answer. The evalution would compare the hash of the users input to the hashed correct answer. But we lose some "intelligent" feedback possibilities (like detecting the user had just one character wrong).