You can clone with
HTTPS or Subversion.
Currently the list of files points directly to the URLs of files found on the server, which means that the any user could easily download with valid username and password with a known URL.
Any way to force encode-explorer to serve the files within PHP or passing e.g. X-sendfile header to Apache? Unfortunately I have to protect some directories now with "basic auth" besides the username/passwd for encode-explorer which is really painful for users.