You can communicate allot to people before you bring them on board without disclosing while establishing sufficient mutual understanding to make the right decisions.
If you are a programmer, use the same mental models you use to explain your work to less experienced peers. Metaphors left and right.
What you don't want to do is tell them business direction, revenue models, any leads you might have, with who and their nature, and anything else that might be used to screw you over.
You can keep your secrets really well, as long as you're not soliciting VC money or cofounders. If you intend to pay people, even if deferred, you can look them in the eye, tell them what you did before and you will find plenty of people who will have faith in you.
I also found it really helpful not disclose the name/website of the company to anyone you're speaking with directly. Aside from all the obvious reasons why not, you could also come into contact with a chatty social non-business blogger-type person who will running his mouth.
I personally think that IP protection paranoia with (for example) NDAs is overrated. Ideas are hard to protect because they're generally easy to come up with.
(I'm talking about web products here, scenarios will differ if you're doing something else).
Executing on an idea, however, gives you other things. Code (which can easily be protected with a license and NDAs), a brand (which is protected via trademark), a userbase (which is fickle, but you can work on making them happy and keeping them), a partner network (make it worth their while and they won't go anywhere), etc.
This gives you a Product.
Products are usually easy to clone (creating something that has the appearance of being technically equivalent), but hard to execute on (or in other words - turn it into a Product in itself).
Stop worrying about the source code leaking. Just assume that it has been leaked already. Unless you're sitting in a basement doing everything yourself, other people will have access to this code. If you out-source development to a third-party, the code has already been leaked.
What you should instead be worrying about is the security of your codebase. As you're obviously outsourcing, you should have a competent developer managing the outsourcing process and auditing the code for security flaws.
Bottom line : don't bother protecting the idea, use boilerplate NDAs and licenses for the code and its development and have strict auditing procedures for outsourced code development.
If you're starting up, IP really is the least of your concerns. Just assume everybody out there has illegal access to your source code, plan appropriately and stop worrying about it.