Sensitive material can be intercepted by public parties when uploaded into the CMS System and/or the Media Library. Do not upload anything that should not be publicly viewable. This includes:
How could these files be intercepted?
Every file uploaded through the CMS system and/or media library is given a public URL. This url is accessible through any web browser. If this unique address is not posted on a publicly viewable page it is unlikely, however not impossible, that someone would "guess" the address.