Hey Sababec,
I’m surprised no vendor has commented on this yet, hopefully I will be able to shed a bit of light on the topic for you.

Before I start I would like to say that because of how technology works it is almost impossible to keep a downloadable product safe in every conceivable situation. Even if you make sure that no can steal your product off your site, if someone legitimately purchases a product from you this does not does not stop them from then just e-mailing that file to whomever they like. Though I generally find it the case that people will not do this because of legal reasons.

The services we provides does not include any implicit service to handle your downloadable products. With a vendor account there are ways to offer products to the customer at the end of the sale without extra scripts, although they tend to not be very secure. Below I will explain the simplest way to set this up, then I will move onto the more secure methods which I recommend.

Inside of a vendor account you are able to have a return URL that the customer is sent back to after a purchase is complete. You have the option of either using a global return URL that will always be the same, or you can define a different return URL for each of your products. If the vendor has return URLs for each of their products then at the end of the purchase the customer will be sent to our order processed page with a link for each product they purchased.

Some vendors who offer downloadable products will have a HTML page for each things they are going to sell which on it give the ability to download the product. Inside of the vendor’s account they will then use the link to that page as the return URL for the corresponding product. Because of the way product specific return URLs work this method will get the correct downloads to the customer, although it is very unsecure and not recommended.

The reason vendor’s will use a HTML page for the return URL instead of a direct link to the file is because of a method that can make this process more secure. When we send a customer back to your website will also send along information about the sale, in particular one piece of information we send is called the MD5 hash. If a vendor was to check this parameter each time a customer went to their site they could make sure to only give the downloads to people coming from a real sale. Below is a link to an article about the MD5 hash and how one would go about making a page to check it.
http://www.2checkout.com/community/?p=223

However, even by using the method above it will still not completely protect your downloadable products. It is secure in the fact that people will not be able to do demo orders on your account to get to your downloads and they are unable to give out links to the HTML page to people, although someone can still find the link directly to the downloadable file on your website and give that away. Because of this if you really want to be secure with your downloads I would not use the process I mentioned above.

The next best step is to look into third party carts or scripts. Many of these systems have advanced scripts to securely transfer products to the customer for what they purchased. Personally I have not used any so I will be unable to say which is the best to use, however out of everything I’ve seen it appears that the LinkLok system is the most popular. Below is a link to the LinkLok page.
http://www.vibralogix.com/linklok/

Other systems that are known to work with us can be found at this link below, although I will not be able to say which ones handle downloadable products.
http://www.2checkout.com/community/?s=third+party+carts

- Chase