I had this problem too, but the only way i found, was to let the video
in the public folder (inside subfolder...), and you just need to
implement an ht.access on the folder, so nobody will be able to access
your video by entering www.YOURWEBSITE.com/VIDEO etc...
By the way send_file is not quiet good, google "x-sendfile"..