If you can avoid storing files inside of teh database by all means do. It's vastly less efficient to pull data from a database than letting the browser and core Web server deal with pulling files from the disk directly.
There's overhead in pulling the data out of the database, it bloats the entire database considerably and if you're using generic tools like business objects/ORM you have to be careful not to pull the blob data down as part of common CRUD operations.
Storage is not really an issue. I would suggest coming up with a consistent storage scheme utilizing OS file naming conventions to standardize the physical storage.
The only real issue from your note above is security which can't easily be addressed by the file scheme. But you can protect the directories with Windows Authentication to avoid access by anything but the application as well.
+++ Rick ---
>We have been approached by the management about changing this methodology to store the physical file in a DB column also, probably a BLOB column, ostensibly to make the files more secure. Does anyone have any experience of the pros/cons and issues of storing files in a SQL Server DB column and what would be entailed in programmatically serving the files up to the users from the DB backend via an ASP.NET page?
>
>Thanks,
>Bill