Mediawiki is far from secure, though, by any means. For example, media/image/upload objects aren't stored in the database -- anyone with the path can go get a file.
You can use img_auth.php for this. The files will be served out via MediaWiki, not Apache. You specifically deny access to the files via Apache.
Either way, MediaWiki is not designed for denying read access to individual pages or namespaces, and anyone trying to do so is setting themselves up for failure.
V/r,
Ryan Lane