We've made no claim that these features provide security for the media files. It is no different than the image gallery features in that regard. If someone knows the url to the media they can get it.
Theoretically it might be possible to secure the files in a similar fashion as the shared files feature such that the files are stored on disk with a .config extension so they cannot be downloaded just by knowing the url, and then use an .ashx handler url for the files that checks the role permissions and writes the file to the response stream if the user has permission. But I'm not sure how that may impact the streaming and playback of the files, probably it would work but it would need testing, with larger video files it may choke and with lots of video traffic that approach would probably add a bit of load on the server vs just letting IIS serve the file.
But that wasn't really a goal for this just as it wasn't a goal for the image gallery features. The goal was just to make it easy to have audio and video in one's site.
I'd consider trying that as a possible future enhancement but it should be optional such that a setting can indicate if the instance is supposed to use secured files and then we'd have to figure out how to handle it if the setting is changed after files are uploaded.
Maybe you can clone it and modify it for your needs and if it works well let us know and we could consider integrating the changes back into it.
Best,
Joe