Private files visible in Uploaded Files

Problem: A form with Attach Image field was inserted in Doctype A. When user click the button to attach file and click "Select from , all the files previously attached in other docs were listed there even the file is private and the user doesn’t have access to the doctypes.

Looks like this is not the right way…