One of the solutions I could think of is that when an AirTable database is shared with a collaborator, the collaborator works on the same data; however, the links would be completely different for the same document.
In other words, if the owner would look at the document link, the link would be different than the link to the same document that the collaborator would see. Yet, both links would point to the same document.
When the owner decides to stop sharing the database, the collaborator’s version of the links will be dead, going nowhere.
An added benefit would be traceability, to see if somebody is downloading the attachments from the collaborator’s database in a batch.
Secondly, an adjustment AirTable could make is to fine-tune what an editor and a collaborator are allowed or not allowed to do (see the links or not see them, allow 3rd-party apps like Zapier to see the links in the collaborator’s version of the database or not allow them to see them).
Maybe this could save the sheep and feed the wolf.
The only way to achieve a 100% security model the way listed in the OP’s AirTable Security Manifesto would be to require login (or be logged in) every time anybody tries to access a document in AirTable.
Not only would this mean some inconvenience (and break functionality as described earlier), but even AirTable wouldn’t work as expected. Take for example the Gallery view. One of the useful ways that Gallery appears to be promoted by some is perhaps to offer a view of the data to the external world (e.g. customers, for instance).
In my case, I turned the Gallery view into my private Classified site / eStore. I am even intending to add payment links to it through Zapier or similar. My idea is to turn AirTable into a poor man’s version of Pinterest / OfferUp.
If somebody wants to make copies of all the attachments, they could do that with a web-crawler.
So to summarize my view:
For AirTable to satisfy both the sheep and the wolf, they would need to fine-tune whether collaborators and viewers are able or not able to make a copy of the database, export the database, access it through Zapier, or see links. Secondly, if people I trust have access to the links, the links should be unique to the person I shared with (regardless of whether the links can be accessed by logging in or without logging in to AirTable).
Lastly, for all those other situations where people potentially have a copy of the data in AirTable… well, there are NDA agreements. In particular, if AirTable generated a version of links that is unique to the individual I share with, that information would point to the particular individual who had misused that (download log in AirTable or something similar).
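The per-person link idea in the post above, as an added sketch that is not part of the original post and not Airtable's API: each link token is an HMAC over (person, document), so two people get different URLs for the same attachment, revoking a share kills only that person's links, and every download is attributable. The class name, method names and the `files.example.invalid` host are all hypothetical.

```python
import hashlib
import hmac
import secrets
from collections import Counter


class LinkIssuer:
    """Hypothetical per-collaborator attachment links (not Airtable's API)."""

    def __init__(self, base="https://files.example.invalid/a/"):
        self.base = base                     # constructed placeholder host
        self.key = secrets.token_bytes(32)   # server-side secret, never shared
        self.active = {}                     # person -> share currently active?
        self.tokens = {}                     # token -> (person, doc_id)
        self.log = []                        # one (person, doc_id) per download

    def share(self, person):
        self.active[person] = True

    def revoke(self, person):
        self.active[person] = False

    def link_for(self, person, doc_id):
        # Token is bound to both the person and the document, so two people
        # get different URLs for the same attachment.
        msg = f"{person}\x00{doc_id}".encode()
        token = hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:32]
        self.tokens[token] = (person, doc_id)
        return self.base + token

    def resolve(self, url):
        """Return the doc_id, or None if the link is unknown or revoked."""
        entry = self.tokens.get(url.rsplit("/", 1)[-1])
        if entry is None or not self.active.get(entry[0], False):
            return None
        self.log.append(entry)               # download is attributable
        return entry[1]

    def bulk_downloaders(self, threshold):
        """People whose links fetched at least `threshold` attachments."""
        counts = Counter(person for person, _ in self.log)
        return sorted(p for p, n in counts.items() if n >= threshold)
```

A link of this kind still works for anyone it is forwarded to until the share is revoked; what it adds is revocation per person and a log entry that names whose link was used.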