The portion of your thank you page that shows the transaction information, and creates a unique download link for the buyer uses the extra information that we send with the URL to add that information to your thank you page.
If someone goes directly to the URL on your site, and places false information for the transaction in the URL, it will not match what is in on our server for your transactions. They will not be able to get a free download this way. The only way someone can get a free download is if you send them one using our Send Free Download Feature.
If a buyer sends the URl of, or a link for, the thank you page to someone, there is not a way to stop that. That is why we allow you, the merchant, to setup a time limit and a set number of download attempts for your product. After those attempts the download link will not work.