Mediawiki is far from secure, though, by any means.
For example,
media/image/upload objects aren't stored in the database --
anyone with
the path can go get a file.
You can use img_auth.php for this. The files will be served out via
MediaWiki, not Apache. You specifically deny access to the files via
Apache.
Either way, MediaWiki is not designed for denying read access to
individual pages or namespaces, and anyone trying to do so is setting
themselves up for failure.
V/r,
Ryan Lane