It seems that file permissions are being set based on file type not on whether a file is private or public. All documents are set as not being readable by the world. All images and video are set as being readable by the world.
I see the code in the write() function in File_common.php has the ability to set file permissions as 640 or 644. But as described above that ends up being set based on file type not on whether it is public or private.
What this means is that all images and video are available to the world, even when they are intended as private and public documents are only available to the world when a /filecabinet/n reference is used to address the document. Those using the fckeditor to browse files and build a link are unable build a link to public documents.
File Cabinet version 2.2.2.