How can I make a pdf document that's linked to in a topic, secure?

Started by Mareid, April 11, 2013, 09:33:43 AM

Arantor

Quote: Nothing that SMF can do about it

Actually, yes there is. It chooses explicitly not to act this way.

The content headers SMF sends along with non-image downloads quite clearly indicate the browser is not supposed to open it there and then but download it. (Content-Disposition header)

If no such header were indicated, the browser would default to displaying it as-is:
1) users wouldn't necessarily get a copy (indicating they would need to make further downloads every time they wanted to view it)
2) direct loading of PDFs was at one time one of the easiest ways to get malware injected onto your system
3) there are still issues around larger files being streamed since the entire download typically has to complete inside 30 seconds when PHP is serving it, or at least the entire thing has to be shunted out of PHP and into Apache inside 30 seconds otherwise there is the time limit.
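
The header behaviour described in the post above, as an added example that is not part of the original post and is not SMF's own code. The function names, the image allow-list and the 8 KB chunk size are assumptions chosen for illustration.

```php
<?php
// Added example, not SMF's code. Function names and the MIME allow-list are assumptions.

// Build the download headers: images may render inline, everything else
// (PDFs included) is marked as an attachment so the browser saves it.
function attachment_headers(string $filename, string $mime, int $size): array
{
    $inlineTypes = ['image/png', 'image/jpeg', 'image/gif'];
    $inline = in_array($mime, $inlineTypes, true);

    // Keep only safe characters so the name cannot break out of the quoted
    // filename parameter or inject a second header line.
    $safeName = preg_replace('/[^A-Za-z0-9._ -]/', '_', basename($filename));

    return [
        'Content-Type' => $inline ? $mime : 'application/octet-stream',
        'Content-Disposition' => ($inline ? 'inline' : 'attachment') . '; filename="' . $safeName . '"',
        'Content-Length' => (string) $size,
        // Stop the browser from sniffing the body and rendering it anyway.
        'X-Content-Type-Options' => 'nosniff',
    ];
}

function send_attachment(string $path, string $mime): void
{
    if (!is_file($path) || !is_readable($path)) {
        http_response_code(404);
        return;
    }
    // Drop any active output buffers so chunks reach the web server as they are read.
    while (ob_get_level() > 0) {
        ob_end_clean();
    }
    foreach (attachment_headers($path, $mime, filesize($path)) as $name => $value) {
        header($name . ': ' . $value);
    }
    // Stream in small chunks rather than loading the whole file into memory.
    $handle = fopen($path, 'rb');
    while (!feof($handle)) {
        echo fread($handle, 8192);
        flush();
    }
    fclose($handle);
}
```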
