So, I just ran into this problem, when I thought everything was all set and secure as it can be. We're selling PDF comics and magazines. If someone buys one, and their browser is set up to display a PDF in it...when they "Download" the product, it then shows up in their browser with the exact URL of the product...which they can then copy and paste and share with everyone. I know this cause someone tweeted the URL to our latest issue, then asked how they found out the URL - because I was sure we were set up that download links do not show the actual URL of the downloadable product.
They were nice and let me know that that was how it got delivered to them...it opened in a new tab in their browser instead of downloading as a file. So I tested this, turned on a plug in in my browser so it can open pdf files in the browser, and boom, there it was, the URL of the product...and the PDF looked great in the browser as well, but...if we wanted people to just read it....free....I'm sure you see the problem clearly.
How do we assure that this never ever ever happens????