See bug 1752888 for background.
improvements_to_download_panel enabled, the target of backgroundfilesaver saves goes through the following sequence:
- (on Windows/Linux):
randomletters.ext.part in a subfolder of TempD
randomletters.ext.part in the downloads directory
- once the user accepts the download for saving or opening:
realfilename.ext.part in the destination directory (either user-picked or default downloads directory, or temp directory on Windows/Linux for files being opened)
- once the download is complete:
realfilename.ext in the destination directory.
improvements_to_download_panel pref enabled, we automatically move from step 1 to step 2 without user interaction, unless the user has configured that filetype to "always ask", or unless the user has "always ask me where to save files" enabled and the filetype isn't set to open automatically.
This leads to a predictable filename, in most cases in a predictable location, which is a security risk. Even though it is less user-friendly, we should probably have a random part to the filename in step 2.
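The following is an added example, not code from this bug or from Firefox. It contrasts the predictable step 2 name with a name that carries a random component and is created exclusively. The function names, the sample filename and the exact naming scheme are assumptions made for illustration.

```python
import os
import secrets
import tempfile

def predictable_part_path(dest_dir, filename):
    """Step 2 naming as described in the report: realfilename.ext.part."""
    return os.path.join(dest_dir, filename + ".part")

def randomized_part_path(dest_dir, filename):
    """Hypothetical variant: keep the real name, add a random component."""
    stem, ext = os.path.splitext(filename)
    token = secrets.token_urlsafe(6)  # 8 URL-safe characters
    return os.path.join(dest_dir, f"{stem}.{token}{ext}.part")

def create_exclusive(path):
    """Create the file only if nothing exists at that path.

    O_EXCL makes creation fail if the path already exists, including when
    it is a symlink; O_NOFOLLOW is added where the platform provides it.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)

def demo():
    with tempfile.TemporaryDirectory() as dest_dir:
        name = "report.pdf"  # constructed sample filename
        # Simulate a file that already exists at the predictable path
        # before the download reaches step 2.
        planted = predictable_part_path(dest_dir, name)
        with open(planted, "w") as f:
            f.write("pre-existing content")
        # A plain open(path, "w") would silently reuse that file;
        # exclusive creation reports the collision instead.
        try:
            os.close(create_exclusive(planted))
            collision_detected = False
        except FileExistsError:
            collision_detected = True
        # With a random component the name cannot be prepared in advance,
        # so exclusive creation succeeds.
        safe = randomized_part_path(dest_dir, name)
        os.close(create_exclusive(safe))
        return collision_detected, os.path.basename(safe)

if __name__ == "__main__":
    print(demo())
```
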