Hi, Andrzej.

My usual advice about protecting images can be found here: https://juicebox.net/forum/viewtopic.php?id=5127
It still holds true but it's maybe not exactly what you are talking about.

As you have discovered, if you cannot view an image on its own in a browser, then Juicebox will not be able to display it. The images need to be publicly accessible.

You could see if your web host allows you to turn off directory listing but anyone determined enough (and with the knowledge of the structure of a Juicebox gallery) might still be able to find your images.
Even with a password-protected gallery, a visitor could view the source of the web page, find the configURL configuration file and view it to see the paths to the images.

You could try hotlink protection. This should prevent direct access to images but it's also very likely to prevent Juicebox from displaying the images, too.

If you don't include a configURL in your embedding code, then, by default, Juicebox looks for a file called 'config.xml' in the gallery folder. A casual visitor is unlikely to know this so the 'config.xml' file should remain hidden (as long as directory listing can be disabled).
The next step would be to not use the default image folder name ('images'). You can rename the image folder to anything you like (something less likely to be guessed), you'll just need to change the corresponding paths to the images in the 'config.xml' file (a global search and replace should do the trick).

Maybe the best option would be to password-protect the gallery folder on the server using .htaccess and .htpasswd files (or via your web hosting account's control panel, if available). Instructions can be found here. This should block all access to the gallery folder until the password has been entered so initially viewing the source of the web page would not be possible.

I hope this gives you some suggestions (or at least a little to think about).