Personally I'm not a fan of anonymous purchasing, but it's something we could include as an option (turning it on or off). I feel that it's best to be able to keep track of purchases as much as possible. The best solution, IMO, is to allow someone to purchase the product without logging in; but once they have bought the product, issue them a random password (and allow them to login using their email address and said password). Logintoboggan works great for allowing login via email address.

And I'm not sure what you mean by "location of the files -> keeping them out of the web access". Right now it is possible (using the current File Products module) to keep the downloadable content outside the web root, thereby disallowing a casual user (or malicious hacker) from gaining easy access to the files. I would strongly advise against allowing access to the content from within the public web root, simply for that reason.