Hi WP -- The procedure depends on a number of variables: the Moodle host operating system; who has access to the host filesystem; the permissions under which the backup process runs; which parts of the host filesystem are served up by the host's web server software; etc.
For instance, the following would work if: the Moodle host is Unix-based; you have access to a command shell on the host with root permission and no untrusted people do; the backup process (initiated by cron) runs with root permission; the host's web server software is configured such that the following directory and its contents are not servable.
[in a command shell on the host with root permission]
# mkdir /moodle-backups
# chown root.root /moodle-backups
# chmod 700 /moodle-backups
[then, as Moodle admin, set Save to: on the backup configuration page to /moodle-backups]
As you can see, ideally the Moodle admin should be -- or should be working together with -- an experienced system administrator of the host operating system.