Version 1.7x does not utilize an uploads directory. It stores them in the database. So I'm not sure what your asking. Unless you posted this in the wrong section of the forums.
1.6x used a directory. The are a number of ways to prevent access to this directory depending on which webserver you are running. You could add the dir to your robots.txt (which would prevent good crawlers from doing anything with it). You could prevent directory listings at the webserver level. You could lock it down using an .htaccess.