phprock - it would be easy to restrict them anyway if you placed a .htaccess file into the folder - then only those with a username and password assigned by you could access them.
The other issue is that they're actual files rather than strings of data, which means a) they take up mondo space in your db, and b) they're more easily corrupted.
I'd suggest producing filenames to enter into the db, then turning those into links.
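A sketch of the suggestion above, added here as an example and not part of the original post: the file bytes go to disk under a generated name, the db holds only the names, and the links are built from those rows. Python and SQLite are assumptions (the thread names neither), and the table, columns, `/files/` URL and extension allow-list are hypothetical.

```python
import html, os, secrets, sqlite3, tempfile
from urllib.parse import quote

UPLOAD_URL = "/files/"                  # assumed URL of the .htaccess-protected folder
ALLOWED_EXT = {".txt", ".pdf", ".png"}  # assumed allow-list for this sketch

def open_db():
    # In-memory SQLite stands in for whatever db the site uses (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (id INTEGER PRIMARY KEY,"
               " stored_name TEXT UNIQUE, display_name TEXT)")
    return db

def register_file(db, upload_dir, original_name, data):
    """Write the bytes to disk; store only the two names in the db."""
    ext = os.path.splitext(original_name)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("extension not allowed: %r" % ext)
    # The on-disk name is generated, so a client-supplied "../" or a
    # clashing name never reaches the filesystem.
    stored = secrets.token_hex(16) + ext
    with open(os.path.join(upload_dir, stored), "xb") as fh:  # "x": never overwrite
        fh.write(data)
    # Keep the last path component of the original name, for display only.
    display = os.path.basename(original_name.replace("\\", "/"))
    db.execute("INSERT INTO files (stored_name, display_name) VALUES (?, ?)",
               (stored, display))
    db.commit()
    return stored

def render_links(db):
    """Turn the stored filenames into links, escaping the display text."""
    rows = db.execute("SELECT stored_name, display_name FROM files ORDER BY id")
    return ['<a href="%s%s">%s</a>' % (UPLOAD_URL, quote(s), html.escape(d))
            for s, d in rows]

def demo():
    # Constructed sample input: a hostile-looking original filename.
    with tempfile.TemporaryDirectory() as upload_dir:
        db = open_db()
        stored = register_file(db, upload_dir, "../../notes & <draft>.TXT", b"hello")
        return stored, os.listdir(upload_dir), render_links(db)

if __name__ == "__main__":
    print(demo())
```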