The currently with the licensing structure of Tableau Online and Tableau Server interactor models users viewing the embedded views will need credentials. Given they figure out the Tableau Server url/name to access they could use the credentials to login and browse the Tableau Server. One way around this is to lock down permissions to alll views and data sources on Tableau Server. Only granting access to the views that the user should be able to see.
I would also suggest providing only the 'Viewer' permission to the user on the Tableau Server as this will only allow them to view the Viz with the ability to select and highlight etc.. but not ability to donwload underlying data as this sounds like it might be a concern.
More information on individual content source permissions can be found here: Set Permissions on Individual Content Resources
IF you have a core based Tableau Server license then guest access could be enabled which would allow you to use the guest access for the embedded views. This would remove the need to have user credentials for each user which could be used to login to the Tableau Server.
Hope this helps!