Yes, it's easy for anyone to take your valuable products unless you protect yourself. If you use PayPal to process your payments, All it takes is a simple click on View Source and voila; the location of where you put your download page is revealed!

For instance, look at the html code PayPal gives you when you create a "Pay Button".

Here's the typical PayPal button (html) code:

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="youremail@address.com">
<input type="hidden" name="return" value="http://www.yoursite.com/download.html">
<input type="hidden" name="item_name" value="Product Name">
<input type="hidden" name="item_number" value="001">
<input type="hidden" name="amount" value="49.95">
<input type="hidden" name="no_shipping" value="1">
<input type="image" src="http://images.paypal.com/images/x-click-but06.gif" name="submit">
</form>

Notice the line that looks like this:

<input type="hidden" name="return" value="http://www.yoursite.com/download.html">

The code contains a line that tells PayPal where to send your visitors after they pay you. While this is a great feature, as you can have your visitors download your products instantly after they pay you, but what about the thieves that know this trick? They're all getting your downloads for free, by going straight to your "Return URL", and bypassing the paypal system!

When your visitors view your source code, all they have to do is put http://www.yoursite.com/download.html into their browser and they don't have to pay for your product. Pretty dirty trick, isn't it?