I have just released a new and improved version of my Private Uploads module. I am really happy with it. http://drupal.org/project/issues/private_upload

There are problems with core file handling. There can only be one files
directory, and the download method is either public or private for ALL
files. If it is set to private all files are forced to go through a
full drupal bootstrap, which makes pages with multiple images unusabily
slow. Also, Drupal only munges the displayed URL for the file, and does
nothing to actually protect the files from being downloaded with a direct
URL that can be easilty guessed from the “secure” one.

This module addresses these problems:

• It creates a secure subdirectory inside fo the standard, public files directory.
  
• It warns you if files in the private directory are accessable.
  
• It offers to place a .htaccess file in that directory that will prevent files from being directly accessed on Apache webservers.
  
• It proveds a per-file checkbox for specifying a particular file as public or private.
  
• It allows you to set the default method to public or private.
  
• It only allows access to files to users who have access to the node it is attached to.
  
• Is also includes tools to help you migrate your existing file over to this system, and to audit your files to make sure they are in sync with the database.

Now with 200% more ninja.