Well, it just took me a couple of seconds to figure this one out.
Had a quick look at the components way to build the path and took some impressions from the threads in here, plus some knowledge about other J! template/extension combos.
Reason for doing this:
If you have images, designs, artwork, logotypes, music or video files that you want to sell (maybe professional photographer, designer, artist or musician) you really need to secure your intellectual property. It is after all your livelyhood. To place such property inside the WWW-root is the same as taking a risk of non-authorized downloads.
Placing of content inside/under the WWW-root is from a security perspective considered never to be safe. A website is per definition open to access. That's the way it's supposed to work. Network protocols, scripts and application calls are all able to connect to your site (everything under WWW-root). No matter the security you put on top of this, from a security standpoint a website is considered an open system.
The Cure:
Move sensitive files (in this case downloads) above the WWW-root. The access to this folder is not controlled by the Joomla! system. It is not accessible for any user via Internet. It is controlled by the operating system of the server.
So, can this nice Phoca Downloads component handle this? Yes it can!! 
1. Create an external folder outside (just above) your WWW-root (Ex. "secure_downloads")
In Linux/Apache the physical path looks like this /var/www/mysite/phocadownload to the
default Phoca Download file folder. In the config this is represented by just 'phocadownload', the rest
of the path is added by the component.
Enter your operating system or your host account and create the top-directory for your files
You now have a physical folder like this: /var/secure_downloads
2. In the component config (Settings/Download Folder);
change 'phocadownload' to "
../../secure_downloads"
(no citationmarks. don't forget dots n' slashes)
3. New folders inside this top folder/directory is then simply created in the component backend, as you normally do (Create the folder first in Files/New/files/Create Folder - Then download the file)
There is no issue with creating new folders inside this folder, via the component backend. But you need to create the first top folder/directory manually, as stated above.
Be well, be safe!
Regards
Akerman
)
