Currently when deleting a file from the asset manager it isn't actually deleted, and remains accessible at the old URL to allow webflow to include it in site backups. There are multiple reasons this is concerning from a security perspective:
I propose a number of potential solutions that could close this security concern:
1) In the asset manager, have a tickbox to show all "archived" files, so they can be deleted fully
2) When deleting a file, assume it is to be deleted permanently, but ask if the user would like to maintain a copy for backup purposes
3) Store all backup-only assets in a secure bucket within Webflow's AWS environment rather than have them remain on a publicly accessible server.