Images in issues, comments and merge requests can be accessed without authentication/authorisation

https://docs.gitlab.com/ee/security/user_file_uploads.html

Images that are attached to issues, merge requests, or comments do not require authentication to be viewed if they are accessed directly by URL. This direct URL contains a random 32-character ID that prevents unauthorized people from guessing the URL for an image, thus there is some protection if an image contains sensitive information.

My users are complaining about this. I'm promoting GitLab as a safe way to store data. This feature does not help. I'm wondering if you could re-evaluate this. Images can contain sensitive data too. Security through obscurity is not enough. Especially with the new privacy laws, people are getting more and more cautious.

Regards, Rob

Edited Oct 23, 2019 by Rob van Laarhoven
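For an administrator who wants to confirm how their own instance behaves, the following added audit helper (not GitLab's code, and not part of the original issue) checks whether an upload link is served to an anonymous client. It assumes the URL layout described in the quoted documentation: an `uploads` path segment followed by a 32-character random hex secret and the file name. The host `gitlab.example.com` and the URLs in the docstring are constructed placeholders; the fetch function is injectable so the logic can be exercised offline against a fake transport.

```python
"""Audit helper: does a GitLab upload URL serve without a session?

Added example, not GitLab's code. Assumes the URL layout from the quoted
docs: '/uploads/<32-hex-secret>/<filename>'. Sample URLs are constructed.
"""
import re
from urllib.request import Request, build_opener, HTTPRedirectHandler
from urllib.error import HTTPError

# Assumption: the random ID is 32 lowercase hex characters placed directly
# after an "uploads" segment, followed by the attachment's file name.
UPLOAD_RE = re.compile(
    r"/uploads/(?P<secret>[0-9a-f]{32})/(?P<filename>[^/?#]+)(?:[?#]|$)"
)


def parse_upload_url(url):
    """Return (secret, filename) if url looks like an upload link, else None."""
    m = UPLOAD_RE.search(url)
    if not m:
        return None
    return m.group("secret"), m.group("filename")


class _NoRedirect(HTTPRedirectHandler):
    """Do not follow redirects: a 302 to the sign-in page is the signal we want."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def default_fetch(url):
    """HEAD the URL with no cookies or tokens; return (status, headers).

    Redirects surface as HTTPError, which we convert to a normal tuple.
    """
    opener = build_opener(_NoRedirect())
    req = Request(url, method="HEAD", headers={"User-Agent": "upload-audit/1.0"})
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, dict(resp.headers)
    except HTTPError as err:
        return err.code, dict(err.headers)


def classify(status, headers):
    """Map an anonymous response to an audit verdict."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").lower()
    location = h.get("location", "")
    if status == 200 and ctype.startswith("image/"):
        return "ACCESSIBLE_WITHOUT_AUTH"
    if status in (401, 403):
        return "REQUIRES_AUTH"
    if status in (301, 302, 303, 307, 308) and "sign_in" in location:
        return "REQUIRES_AUTH"
    if status == 404:
        return "NOT_FOUND"
    return "UNEXPECTED"


def audit(urls, fetch=default_fetch):
    """Check each upload URL anonymously. Returns {url: verdict}.

    URLs that do not match the upload layout are reported, not fetched, so
    the audit never touches pages it was not asked to assess.
    """
    results = {}
    for url in urls:
        if parse_upload_url(url) is None:
            results[url] = "NOT_AN_UPLOAD_URL"
            continue
        status, headers = fetch(url)
        results[url] = classify(status, headers)
    return results


if __name__ == "__main__":
    import sys
    # Usage: python upload_audit.py https://gitlab.example.com/g/p/uploads/<secret>/file.png
    for link, verdict in audit(sys.argv[1:]).items():
        print(f"{verdict:24} {link}")
```

Run it against links copied from your own issues; a verdict of `ACCESSIBLE_WITHOUT_AUTH` reproduces the behaviour the documentation describes, while `REQUIRES_AUTH` shows the instance is gating the file behind a login.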