The list of attachments isn't displayed on the list or edit views, only the detail view.
It is highly unlikely that anyone will guess the url to an attachment, because we create the URL using GUIDs that are, for all intents and purposes, impossible to guess. There are more GUIDs than there are atoms in the universe.
If you share the full URL with someone, they can access it without logging into Qrimp.
If you need additional security, we recommend removing read access to the attachments table for all groups. Or using Column level security to remove access to the column containing the full url to the attached files.
11/1/2009 2:18:32 AM