If anyone buys the access to a a non-unique-link (ie: http://mybook.com/book.pdf), and then shares the redirected URL to a third person, this third person could load the link without paying, right?
Yup. For now, there is no security built into the link once you get through that payment wall. I'm thinking about how to do that without hurting UX - though it's low on the priority list anyways.
If you potentially host the files/keep track of static/unique URLs on your site, you could keep track of who is the first owner to ensure that no future users also claim to be the owner and resend the file/link as their own.
This doesn't take into account all cases but a good chunk to start with.
If anyone buys the access to a a non-unique-link (ie: http://mybook.com/book.pdf), and then shares the redirected URL to a third person, this third person could load the link without paying, right?