At Odoo, the Open Source ERP, we work with around 1000 partners and/or customers that have a dedicated IT department developing Odoo modules/apps. From my past experience working with them, I would say that it's less about contribution than collaboration.
Some companies think that it's good to contribute to open source (for different reasons) and they just do that. It's usually a big failure as nobody uses their code and they get nothing from having published their development. The main reason is that something that has been developed for your own needs rarely fits others' needs (in terms of quality, features, collaborative platform, ...).
If you think about it in terms of collaboration (working on GitHub since the beginning, blogging about what you do, answering issues, tweeting, ...) you can benefit from your open source contributions. Those benefits are mostly about small contributions (bug reports, translations, new features) or visibility. The key is to make it easy to onboard new users/developers: work on the platform they already use (GitHub), use Transifex for translations, ...
I think it's a bad idea to start your repository private at the beginning. People are always afraid to "show to the world" an unfinished development but it's not a real issue if you are transparent about the status of the project. If you want people to feel engaged in your project, you have to onboard them from the beginning. And contributions are more valuable if they come earlier in the development process. We noticed we get much better engagement with our communities when we engage them at the very early stage of the project, at the analysis phase.
Protecting your IP is quite easy: choose the right licence and set a Contributor License Agreement. Merge Pull Requests only if the contributors have agreed to your CLA.