diff --git a/fillpdf.module b/fillpdf.module
index beeb51e645ad7715e617bc4ba9ba5323106f4c2f..428ba0130a938e835ce5d3bceb54380d8cf58ef0 100644
--- a/fillpdf.module
+++ b/fillpdf.module
@@ -185,6 +185,11 @@ function fillpdf_file_download($uri) {
 // your own module for more control.
 $usage = file_usage_list($file);
+ if (!isset($usage['fillpdf'])) {
+ // File isn't registered with FillPDF, so we don't have any say.
+ return;
+ }
+
 foreach ($usage['fillpdf'] as $type => $per_id) {
 switch ($type) {
 case 'fillpdf_form':
@@ -220,11 +225,10 @@ function fillpdf_file_download($uri) {
 break;
 }
 }
+ // The file is registered with fillpdf, but didn't reach the success
+ // condition, so they aren't allowed to view this file.
+ return -1;
 }
-
- // They didn't reach the success condition, so they aren't allowed to view
- // this file.
- return -1;
 }
 }
diff --git a/tests/FillPdfTestCase.test b/tests/FillPdfTestCase.test
index d4dd08c16eefcb145e82deba3df389304045cfdc..480b0a784e0a50882d1b490ef2ced636bea802e3 100644
--- a/tests/FillPdfTestCase.test
+++ b/tests/FillPdfTestCase.test
@@ -90,6 +90,10 @@ class FillPdfTestCase extends FileFieldTestCase {
 $saved_file = fillpdf_action_save_to_file($fillpdf_object, 'fillpdf_test_v4.pdf', FALSE, FALSE);
 $saved_file->display = 1;
+ // Create an unmanaged copy of the file.
+ $copied_file_path = file_unmanaged_copy($saved_file->uri, $saved_file->uri, FILE_EXISTS_RENAME);
+ $this->assertEqual($copied_file_path, 'private://fillpdf/output/fillpdf_test_v4_0.pdf');
+
 $new_node->field_pdf = array(
 LANGUAGE_NONE => array(
 0 => (array) $saved_file,
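Review bot: The bare `return;` in the added `!isset($usage['fillpdf'])` guard is an access decision, and the comment next to it does not say which one. In a `hook_file_download()` implementation, returning nothing means this module abstains, so the result is left to other modules and to core's default for private files; the tests in this commit depend on exactly that. I would spell it out with `return NULL;` and a comment such as `// No FillPDF usage recorded: abstain, so other modules and core's default decide.` The body of `fillpdf_file_download()` starts and ends outside this hunk.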
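Review bot: With `return -1;` moved inside the block in the `@@ -220,11 +225,10 @@` hunk, every path that skips the block now ends the function with an implicit NULL, and that fall-through is not documented. The conditions guarding the block are outside this hunk, so it is worth confirming that a URI under FillPDF's output directory whose file record cannot be loaded is meant to be left to other modules rather than denied. A closing `return NULL;` with a comment like `// Not a file FillPDF has a record for; abstain.` would make the three outcomes (grant, deny, abstain) visible in the code, and the function docblock could list them.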
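Review bot: The added `assertEqual()` on the copied path has no message and compares against a hard-coded `_0` suffix, so a failed copy (`file_unmanaged_copy()` returns FALSE) or a leftover file from an earlier step shows up as an unexplained mismatch. Adding a message, e.g. `$this->assertEqual($copied_file_path, 'private://fillpdf/output/fillpdf_test_v4_0.pdf', 'Unmanaged copy was created next to the generated PDF.');`, keeps the later 403/200 assertions interpretable when this precondition breaks. The same applies to the copy added in the `@@ -113,6 +128,10 @@` hunk.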
@@ -106,6 +110,17 @@ class FillPdfTestCase extends FileFieldTestCase {
 $this->drupalLogin($this->nonPrivilegedUser);
 $this->drupalGet('system/files/fillpdf/output/fillpdf_test_v4.pdf');
 $this->assertResponse(403, 'User without Administer PDFs and without Publish All PDFs cannot access PDF they cannot view the node for.');
+ variable_set('file_module_test_grant_download_access', TRUE);
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_v4.pdf');
+ $this->assertResponse(403, 'Access is denied even if another module grants access using hook_file_download().');
+ variable_set('file_module_test_grant_download_access', FALSE);
+
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_v4_0.pdf');
+ $this->assertResponse(403, 'Access is not granted to an arbitrary private file by default.');
+ variable_set('file_module_test_grant_download_access', TRUE);
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_v4_0.pdf');
+ $this->assertResponse(200, 'Access is granted to an arbitrary private file after another module grants access using hook_file_download().');
+ variable_set('file_module_test_grant_download_access', FALSE);
 // Test access when generated through entities.
 $this->drupalLogin($this->privilegedUser);
@@ -113,6 +128,10 @@ class FillPdfTestCase extends FileFieldTestCase {
 $saved_file_2 = fillpdf_action_save_to_file($fillpdf_object, 'fillpdf_test_entity_v4.pdf', FALSE, FALSE);
 $saved_file_2->display = 1;
+ // Create an unmanaged copy of the file.
+ $copied_file_path = file_unmanaged_copy($saved_file_2->uri, $saved_file_2->uri, FILE_EXISTS_RENAME);
+ $this->assertEqual($copied_file_path, 'private://fillpdf/output/fillpdf_test_entity_v4_0.pdf');
+
 $new_node->field_pdf = array(
 LANGUAGE_NONE => array(
 0 => (array) $saved_file_2,
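Review bot: The requests for `fillpdf_test_v4_0.pdf` probably never reach the new `!isset($usage['fillpdf'])` guard in `fillpdf_file_download()`, because the unmanaged copy has no managed file record; the 200 is more likely a result of the relocated `return -1` (the lookup that sets `$file` is outside the visible hunks, so this is inferred). A managed private file whose only usage is registered by another module would exercise the guard directly and pin down the abstain path for a file FillPDF can load but does not own. The set-TRUE / request / assert / set-FALSE sequence is repeated here and in the `@@ -125,6 +144,17 @@` hunk; a small helper method would keep the grant flag from being left enabled by a later edit between the calls.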
@@ -125,6 +144,17 @@ class FillPdfTestCase extends FileFieldTestCase {
 $this->drupalLogin($this->nonPrivilegedUser);
 $this->drupalGet('system/files/fillpdf/output/fillpdf_test_entity_v4.pdf');
 $this->assertResponse(403, 'Entity mode: User without Administer PDFs and without Publish All PDFs cannot access PDF they cannot view the node for.');
+ variable_set('file_module_test_grant_download_access', TRUE);
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_entity_v4.pdf');
+ $this->assertResponse(403, 'Access is denied even if another module grants access using hook_file_download().');
+ variable_set('file_module_test_grant_download_access', FALSE);
+
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_entity_v4_0.pdf');
+ $this->assertResponse(403, 'Access is not granted to an arbitrary private file by default.');
+ variable_set('file_module_test_grant_download_access', TRUE);
+ $this->drupalGet('system/files/fillpdf/output/fillpdf_test_entity_v4_0.pdf');
+ $this->assertResponse(200, 'Access is granted to an arbitrary private file after another module grants access using hook_file_download().');
+ variable_set('file_module_test_grant_download_access', FALSE);
 }
 }