Mediawiki is far from secure, though, by any means.
media/image/upload objects aren't stored in the database --
the path can go get a file.
You can use img_auth.php for this. The files will be served out via
MediaWiki, not Apache. You specifically deny access to the files via
Either way, MediaWiki is not designed for denying read access to
individual pages or namespaces, and anyone trying to do so is setting
themselves up for failure.