It is nearly impossible to completely protect your app from reversal engineering, especially without any third party library.
BUT instead you can create another e-mail, with a different password, and configure it to resend any email received to your official e-mail.
This way if anyone actually manage to reverse the code and get the password, they will only have access to this secondary and unimportant e-mail account. This should solve the problem.
More info about actually protecting the code here:
How to avoid reverse engineering of an APK file?
How to make apk Secure. Protecting from Decompile