I would like to make files uploaded with ACF private, only accessible for registered users. For now anyone with a link to “wp-contents/uploads/…” can download the uploaded files. How to make this secure with ACF?
This is not something that you can do with ACF directly.
The best way to secure these files would be to upload them to a different location and then secure that folder with .htpasswd.
You can alter the upload path by creating a filter on the WP ‘upload_dir’ hook. You can read more about this here https://codex.wordpress.org/Plugin_API/Filter_Reference/upload_dir