Making code available is always a good idea, as long as the code works. It is probably a good idea even if it doesn't, since even non-working code can help reviewers and users/readers of your work to understand details of your implementation that your paper does not cover. However, if the code does not work, you should clearly indicate this in the source. In the case of working and tested code, bear in mind that sufficient documentation to run the code is highly desirable. You only mention reviewers, but you should also be thinking about general readers of your paper.
I think it is probably reasonable to supply a current snapshot of the code to the paper as a zip archive (or similar) for reviewing purposes, but why not just put it online directly as a Git or Mercurial repository on Bitbucket, Github, or similar, and reference this on the paper? I also recommend making repositories available in more than one place, in the interests of redundancy. For example, I have used both Bitbucket and Google Code for my Mercurial repositories. This has various advantages over a zip archive file; for one thing you can push corrections and other changes to your repository, and everyone will immediately have access to them.
If you are concerned about releasing your code before your paper has been published might mean someone else will "scoop" you, that seems unlikely to me. At least, it is not something I've ever worried about.