We could encrypt and password-protect the siafile directory.
Definitely some form of detection for theft/access of the siafiles would be nice, though I'm not sure it's possible. Any sort of state we add to track that kind of thing could be reverted by the attacker.
I'm glad you brought this up, it hasn't really been on our radar yet. Detection might be difficult, but we can at least make it difficult to steal the files even if you have access to the machine. We'll have to think about it more, but it's not anything we can implement in the next 2 months.
Maybe in 3-5 months though, I think this is a pretty high-priority item. I'd hate to see Sia data get stolen.