Setting a file as private means that only you can download the file when you are logged in. Other people cannot see the file, even on your profile page. If somebody inadvertently comes across the link to your file, an error page will appear, untruthfully claiming "File not found". (Which is what would happen if the file was non-existent in the first place.)
There are two ways to set a file as private. When you upload a file, there is a check box you can click to make the file private at the time of upload - if you really want to hide whatever it is you are uploading, this is the best way to do it.1 Otherwise if you want to make an already online file private, or a private file public, this can be achieved with the file manager.
Q: Why are private file downloads only available directly from
This is to maintain the privacy of the files. Any file marked as private is excluded from the mirror system unless made public.2 A public file that is marked as private after it has already been sent to a mirror server will will still be served by the server, until the nightly synchronization occurs. However, this shouldn't be much of an issue since the download page (where it would normally link to the URL that redirects your browser to the mirror server) no longer exists in the eyes of the public internet.
1The security of private files should not be relied upon for very
sensitive information. See the 'Privacy and Security' heading in the terms of
2Private files are stored on all full mirror servers for backup purposes. Each mirror server keeps a list of private files (updated nightly), denying download requests according to the list.