eStore takes care of encrypting the download links that are provided to customers.
As for securing the actual files, consider the following...
Create an empty "index.html" file in the directory that contains your downloads. For extra sarcasm, you might put a message in it like:
Find what you're looking for?
Or better yet, a popup ad...
Or you can "play nice" and just redirect them back to your main page:
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.yourdomain.com">
Also, inside the downloads directory, create an ".htaccess" file with one line:
In the server's document root directory, create a "robots.txt" file. It should contain the following lines...
Basically, create a "Disallow" line for each directory you'd like robots and spiders to ignore. Note: the "robots.txt" is an optional "please don't do that" type of thing. Search engines are not required to honor it.
To enforce mandatory exclusion of directories and files, you can add/edit the ".htaccess" file in the server's root directory, but that gets into the "running with scissors" area. You can do some serious damage, if you aren't careful... 8)