No need to give your file an obscure name, or use a public bucket. You can use a private bucket and create a presigned URL with an expiration of up to one week.
Presigned URLs are long and ugly and b2 requires an extra API call to generate that, so I tend to prefer not to use them. The other reason for obscure names is so that you can't download or update files that you don't know the name even if you have the upload key. I know it goes against common sense security practice but compromising convenience can mean compromising security in many cases. The thing is to make sure your scheme is rigourous.