This is a matter of whether or not you expose your AccessPoint to the internet. If your AP is exposed, then I'm assuming you will be using AJAX with Anonymous authentication since that is the only really usable option outside your internal domain. A simple (if not very elegant) solution would then just be to modify the QvAccessPoint.js and index.htm files to only display a link to open a file in AJAX and remove the Preferred Client dropdown. Then, in the User Documents tab of QEMC, you would define that the "private" QVWs cannot be opened with AJAX. The reason this solution is not very elegant is that the user will still see a thumbnail for the file that he cannot open. A more elegant way would be to implement an IF function in the QvAccessPoint.js file that will only display thumbnails if AJAX is allowed on that file; the syntax for this IF statement would be similar to the "can_use_ajax" variable defined in QvAccessPoint.js.
As far as I know, no easier solution exists where you are using only 1 AccessPoint and QVS.
I'm sorry for the convoluted answer, but I hope you understand. If anything needs clarification, let me know.