After some investigation, I believe this is a screw-up on our part with the option defaults.
The issue is that the server considered the default option public, but the client showed it as private. This was a mistake we've made a while ago when switching from default public to default private, while correctly showing the client option but incorrectly doing the change on the server side.
We'll be patching this soon. Meanwhile as a workaround, you can forcibly set the option by turning the option to public, then back to private.
We are also making plans to allow viewing and changing the permissions of individual files, so the files that have been uploaded as public can be turned to private if you wish.