Storing Files outside of webroot so they aren't accessible directly

I noticed in the download protection area that there is a warning about not giving out the path to where your files are really stored. It just seems like it's a bad idea to store the files you want to protect in a web accessible directory especially if those files are worth any sort of $$$. Are there any plans to support this or is it something I should just write into my own implementation.