Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.
For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email firstname.lastname@example.org.
Email addresses publicly available online (Problem)
Put a .htaccess file in the /email/ folder with a default deny and deny from all.
Is this .csv file really necessary for your email list to be sent? Given the directory naming, research to see if its just an import file which probably should be deleted immediately after the import process. The file that isn’t there can’t be accidentally read either.