One of our clients' Drupal sites is already using Webform Protected Downloads to restrict access to file attachments. This module depends on Private Upload, although there is - confusingly - another module called Private Download that does something very similar: runs files stored in certain directories through PHP, so that Drupal can check whether or not the visitor and their context permits them access.
Because the client is moving to a slightly different setup, including taxonomy- and role-based access control using TAC Lite, then they need both of these "Private *load" modules in place at the same time. Rather neatly, we've found that they don't conflict at all: except for one bug, which you might even manage to avoid.
Each module has a configured subfolder, which it maintains, and for any file in its subfolder, the module makes the decision. But Private Upload is over-generous in its decision about what counts as its files: if its subfolder is e.g. "private", but Private Download is using "private_download", then Private Upload spots that the latter begins with the text of the former, and assumes that they're its files too! That is, Private Upload checks for files beginning "private...", not "private/...."
Quick to fix, if you spot it before you have installed and are running both modules: just make sure that the folders have wildly different names. Or apply the patch I submitted.
