Traditional approaches to mobile agent code protection rely on platform-based cryptographic services, often based on PKI solutions. In this paper, we discuss some of their shortcomings, and propose a new architecture for secure mobile agents that addresses two outstanding issues: inter-platform portability and agent code protection. Existing solutions often introduce heavyweight frameworks, requiring a major reengineering of legacy systems and severely impeding portability and code reuse. We show how preexisting, as well as new, agent systems can be robustly secured against a wide variety of external attacks, while minimising the impact on the code base of both the agent and its host platform(s). The paper closes with a discussion of our implementation of the proposed mechanisms, as an extension to the well-known JADE platform.