To protect yourself from malicious code, just don't use scripts that you don't trust. It's as simple as that.
To protect yourself from others, don't type anything that someone you don't trust tells you to type. Beyond that, use a decent firewall and/or router and you should be perfectly fine.
You cannot block a /whois, but depending on a network, you may be able to mask your host (nick!ident@12-34-56-78.comcast.net, for example, might appear as nick!ident@asdfg.wertdg.wersd.comcast.net). This is solely based on the network's settings and is usually automatic while on the network unless you manually disable it. Alternatively, you can use a vhost on certain networks to hide your real host information. A vhost (or virtual host) is just a made-up host name. For example, you could be Swerve!Swerve@You.cant.find.me.
In any case, just because someone knows your host doesn't really make a difference. Every time you connect to a website, the website gathers that information as well and there is more chance of getting infected with something that way than on IRC.
