Is there any solution, or should I not use DCC SEND to send private files?
You should not use dcc send then. If this concerns you so.
I would really like to see statistics on how many times this has been achived by anyone covertly to "steal the file", you would have to attach to the port and match the dcc send protocol and download the file untill it didnt send anymore, you cant just attach a mirc to download it, as for that you would need to have forged a dcc send to the client and that means u already knew the length of the file. And u also have to time it up to get in during that what 1 to 1.5 second max window that the server is paused waiting for a connection on.
However I know its possable to do In a non covert way, I wrote a script to take advantage of just this "ability", It has a bot sitting in one channel offering a selection of files (errrr shareware

) that are actually on a private bot in another channel, when someone requests a file in channel 1, the bot requests the file in channel2, traps the inbound DCC SEND message to it from the channel 2 server and duplicates a similar message from itself but with the IP and port of the channel 2 server to the channel 1 requester, then ignores the DCC SEND, thus the channel 1 requester sees the DCC SEND from the bot and ataches to the port & IP of the channel 2 bot. The requester and sender are none the wiser, they both see the bots name as sender & reciever.
PS: The bot is ment to be doing this for anyone who wants to yell that this is sooo evil etc.