The best solution is for the downloads to be placed outside the www root. The download script would need to send the correct headers and feed the downloaded file to the user. This would allow for the actual name of the file to be displayed since only those with access would be able to download it. There would be no way around this. (unless they have ftp access to your server of course) lol
The problem with making a hard to guess directory name is that if they have access to some downloads they then can figure out what the directory name is anyhow and then download other files they don't have access to. (provided they have the names of them)
