If I'm understanding you correctly, this sounds simply like a file-system permissions issue. I mean, if each USER has their own user account, and RWX permissions are only available to THAT USER, then I don't see how any other user can get in there and read the files, or do anything else to them either...
You could implement things like chroot jails or _basedir_ restrictions, but it *sounds* like a filesystem issue. Again, I apologize if I am missing the point--
maybe I should sit back and see if any other ideas float in...