CONTENIDO has the ability to save uploaded files in the database rather than on the actual file system.
Since the file is not actually stored in the webroot of your server, no one can access it without going through the dbfs.php from the client folder. This means that you could include any kind of authentication to download files. With normal files this would not be possible.
Another upside is that you don't have to worry about the file and folder permissions breaking the uploads and access to them.
On the other hand though, there are some disadvantages as well. Database access (especially with large file blobs) will almost definitely be slower than just serving the file statically. This can become a big problem if a file gets a lot of traffic.
All access goes through the dbfs.php of the client folder. The file will search for the given path and output the content of the file.
CONTENIDO offers the cApiDbfs classes to access files from your module or plugin. Especially the cApiDbfs::outputFile function is relevant here. Given a path it will print the content of the given file, setting the content type header to the mime type that is stored in the database.
For more information on the usage of the API classes, take a look at their documentation: cApiDbfs, cApiDbfsCollection.