It turned out that this module is not actually needed, it is only left here for archiving purpose. Please have a look at the manual page,
Restrict specific folders from public download (via .htaccess)
--- original project description ---
Private Downloads allows you to choose (via .htaccess) which files in your ../files folder you want to have served by apache (no access checking, better performance), and which files you want to route through PHP (access checking based on filefield permissions etc).
Alternatives / Redundancy
There is a discussion about possible alternatives to this module. Please check http://drupal.org/node/534496
It can happen that I will remove or hibernate this module if it turns out to be redundant.
Currently there is no official way in Drupal 6 to combine public downloads with private downloads (or, that's what I found).
The only thing I found was this tutorial.
Mixing private and public downloads in Drupal 6
The "private downloads" module follows the ideas of the tutorial, except that it does not introduce a new permission, and it does not rewrite to "system/files", as I think none of that is necessary.
The module doesn't do much, it's meant as a solution for people who want to create a simple password-protected download area and don't like to write their own modules.
How to use
To choose which of your download folders should get access checking, you need to edit your .htaccess file. In my home install, I added the following line to the mod_rewrite section of my root .htaccess:
RewriteRule ^(sites\/default\/files\/downloads\/.*)$ index.php?q=$1 to protect the specified folder.
I should mention that the module does not automatically protect thumbnails of protected images (generated by imagecache or imagefield), unless you configure that in your .htaccess file.
I recommend to use this module to protect files uploaded with filefield, which gives you some access checking rules for free. You can download the file if and only if you can view the field and the node it belongs to.