With the above options, the server is active only when you explicitly go to the File Server View and anyone who attempts to access the server must be able to provide the correct user name and password in order to have access to the files through the server.
Because the above settings also limit access to the Public folder, it means that once you transfer files to the device, you should move those files to a folder outside of the Public folder. If you transfer files from the device, you must of course place the files in the Public folder first before you can copy them from the device using a web browser or WebDAV client, and then after copying the files, delete them from the Public folder. By limiting access to the Public folder, if anyone should be able to guess your user name and password, they would only be able to access files in the Public folder. This latter point implies that you should never leave any private files in the Public folder for any length of time beyond that needed to transfer them.
Setting the option to not allow web file listings prevents someone who does guess your user name and password from getting a listing of your files using a web browser. Although it would not prevent that person from downloading a file from the Public folder if the person knew the name of the file.