Is WD software really secure?

I have the WD 2TB My Book Live NAS drive. I also installed the apps for Android and Windows Phone and I noticed something that bothers me a lot.

When I open the app (in Windows Phone at least), if I go into my private folder and I click on a document, the browser window pops up and a page loads with my document. I have noticed 2 things that are worrysome:

  1. This is an HTTP page, this is not an HTTPS site so it is over an unsecure connection.

  2. If I copy the resulting URL, which looks kind of like this:

and I send it via email to myself and I click on it on *ANY* device, I can see the document!!!

Now, I must be doing something wrong, I really hope I am, otherwise, I would be glad to take this NAS drive back to the store, get my money back and get a NAS drive from a company that takes security seriously.

I called the customer service about this and their response was:

“As soon as you load that document and it loads via the browser (from my Windows Phone app), the document becomes public” —> This is a big no-no for me, the app is useless if it means that I will be making every document in my private folder public.

just ran another test, I renamed the file and I was STILL able to access it!!!

This means that my private file is now cached in some server somewhere accessible by anyone over an HTTP connection, WD needs to fix this ASAP or at least give the users to clear the caching of their private documents.