Here is my idea:
This assumes you can dynamically generate the thank you page.
Generate a unqiue URL for the download: http://mysite.com/ebooks/download?book=greatbook.pdf&secretcode=12345
Then store the key in the database or and NSV and expire the key after a limited time.
If you use a username/password to allow downloads, the URL and password can still be shared.
This still isn't 100% secure, but I think it will work.
You probably would need a way for your customer service staff to generate and email a new URL for a customer if they have a problem downloading etc...
