I had this problem too, but the only way i found, was to let the video in the public folder (inside subfolder...), and you just need to implement an ht.access on the folder, so nobody will be able to access your video by entering www.YOURWEBSITE.com/VIDEO etc... By the way send_file is not quiet good, google "x-sendfile"..
Guillaume.