File data URIs are currently undiscoverable (contain a large, random, unguessable secret) but not inaccessible: if you know the URL, you can download the data.
This approach makes the data CDN'able, and is similar to the system used by Facebook and Google for user content.
I'm not aware of any practical attack against this system. It is computationally infeasible to enumerate the secrets.
That said, some installs find it uncomfortable that knowledge of a URL is sufficient to retrieve file data, and it is possible for these URLs to leak through side channels (log files, screenshots, accidental indexing, etc.) more easily than the file data itself can. We could pursue partial solutions (like generating URLs that are valid for a short duration) easily, but this won't address the root issue of the scheme "feeling" insecure because it lacks a formal authentication step.
Adding a formal authentication step is complicated. Particularly:
- Normal session cookies cannot be present on the domain the file is served from, because this permits the class of user-content attacks above.
- Doing some sort of session handshake will break and/or ruin performance for files like profile images.