The first link is already protected by the plugin, the second is currently not; this is for performance and that all server have different configurations. Here a few tips to protect these links though:
By default the plugin uses a encoded image value. You, your customer and staff should not publicly promote these links. You can use the htaccess to prevent access to secure images. If you concern is people downloading the image be sure to use a watermark for all images.