Yes your documents are protected. As with any piece of software there could be exploits and such, but the documents are certainly not left in the open by the system. No exploits are known at this time and if any are found patches would be released immediately.
The documents are stored in the database so they can’t be accessed by trying the file system with things like www.yourdomain.com/helpspot/files/abc.doc because there’s no files there. Also, the files in private knowledge books can only be accessed by a logged in user. So no person simply using the portal can access the files.
So if a person or spider had the internal URL they would not be able to download the file since they are not logged in to the HelpSpot administrative area.
You can easily test this yourself. Upload a file in the a private KB. Right click the link to the file and copy it. Log out of HelpSpot. Paste the link in your address bar and try to access the file. You should be presented with the login screen. Just make sure it’s a file you’ve just uploaded and never accessed before. If you’ve already accessed it the browser may send you the cached version it has locally (especially if you’re using IE) instead of getting it from the server.
Thanks for the compliment! I still like hearing it