Thank you for your post.
FileMaker Server hosts all database files. It will not hide the databases from view, because FileMaker doesn't know which file you want to open.
One possible solution is to have a local file that uses a script to open the file on the server. This would open the file using the account name and password used in the local file. If no account name and password is used, then you will be prompted for one.
Another possible solution is to rename the sensitive files on the server. For example, XfCgRqZ.fp7 and PjtzH1e.fp7 could correspond to salaries and performance reviews.
I apologize for the confusion. You are able to limit which files are visible in the 'Open Remote' dialog by selecting ‘List only the databases each user is authorized to access’ in the Server Admin Console. I was able to duplicate the issue that you described where all files are displayed behind the authentication dialog. I have forwarded this issue to our QA department for review.
Thank you for bringing this issue to our attention.