we use Moodle 2.7 on Windows Server 2012 and a File repository. It is great if you use files that need occasional updates, since you don't have to replace files or change links, you just open the file (for example Excel and save changes).
But when you upgrade a server (we do this once a year, migrate to a new server), doing backup and restore, all the links are broken, so we have to relink all the files.
If we put the files (upload) to the course, it is easier to upgrade, but harder to change files (delete old one and upload and link a new one.
So what we did is add a virtual directory to IIS,
so existing link: https://educate.com/draftfile.php/15/user/draft/274444580/831part1.mp4
can be replace with: https://educate.com/moodlefiles/video/831part1.mp4
It works great, migration effortless, we just copy the repository and links work and we keep the easy file changing.
The question is, can this be dangerous, since one can directly access the file if he knows the folder and file name?