Kawecki's suggestion will give you the best security for the effort/hassle, especially if you don't link to the file anywhere except in the e-mail you send your friend. I would also suggest putting it in a made-up directory other than root. Give it some name like mhhfrdnmkjgdjhfsgftfdiei. That will probably be as safe as the protection on the original file you downloaded.