Some users can turn off referer in their browser requests, e.g. Opera. And there are 3rd party utilities that strip from IE, etc, so those users won't get pages displayed correctly.
First someone would have to know the name of the database. But even if they did, you can place a database above the root. Scripts running on the server can access it, but there's no way to directly access it.
To some extent it could be done with mod_rewrite - in the same way that you can protect images from being used within other sites... but as smalltime says - the files will be in the browser cache -- may stop some though.
I haven't tried it and there maybe other unpleasant side effects.
Heres the info from the previous post.... if you try it let me know how it goes :)