There is no way to open the uploads folder in WordPress (it'll return 404 error), so visitors have no chance to find filename and download it.
Yes, I know there is better way to make it more secure, but it requires php file source. Wordpress doesn't like direct php file requests, it'll case lots of problems with different WP configurations.