Also, if anybody has any comments about this method, that it is stupid and why, please tell me.

Two major reasons:

• not secure -- the symlink puts the file in an http-accesible location .. doesn't matter that it's for a relatively short timeframe; it's still available to whoever..
• will fail -- you're guessing at when the file can be deleted .. what if the d/l stops 1/2 way through and the user refreshes to start it again? It's going to take a net of at least 50% longer than anticipated.. The longer you make the window to compensate for this the bigger the first issue gets.

also considered a script that would stream the file line by line.. but i am sketched out by the variety of files there may be, etc

What's an example of a case where that matters? Because of the content-type header that would need to be sent?

Also, what kind of sessioning/authentication are you using?