Anyone if they know how to grab an image can. There is really no full proof way to protect images. An image is cached on the users computer so they have your image and most do not even know this.
If you do not use image protection and the user knows the real url to the image they will be able to view it. Viewing permissions are meant for use in the software using the script not fooling your server which is an entirely different thing.
vbGallery does not have all the image protection our Pro package does but I do beleive you can use GD2 to apply on the fly watermarking which will use a script to load the images hense the user is not shown the full url to the file.
However as stated if someone can guess the url to a file they will always be able to view it as there is nothing to stop them no script nothing they are simply viewing a file on your server has nothing to do with the script. You can prevent hotlinking so your images can not be viewed off other sites but there is a limit to what one can do.
Code you reference is already in place when on the fly watermarking is used you can check that out in the files. The point I am merely saying is images are always viewable if someone knows the full direct url to it.
An extra level of protection we use in the Pro product is where we change the storage url to a folder below the webroot. You can try Pro if you wish to investigate the storage capabilities of that product.