alt Hacker NewsUnless I am misunderstanding the discussion on GitHub, the attacker would still need to know the exact path where the file is saved, and the name of the file itself. Even then, all they can do is download the file from your device--which they could just torrent themselves for a fraction of the effort.
A DDoS is still a valid attack.
Very few consumer connections can manage, say, 100 clients downloading a massive video file simultaneously.