I'm sure there is a way, but does anyone know how to block files from being viewing in the webbrowser but can be opened by a script on the same server?

depends on how your server is setup, if you're on apache, then you can define a file prefix that will not allow the browser to grab a file which matches, my default apache blocks access to file prefixes .ht (used for .htaccess .htpasswd) so you could add your own prefix there or simple use that same prefix?

Hope this helps!