Absolutely that is a bug. @dtech sent me an illustration of the issue and that is not intended behavior. Thank you for the report and we will work on patching this up today. The issue comes from apache requiring a valid-user. I am assuming that this is not weighing the authentication against any user in particular and simply saying "Hey, you're a valid user with a password, here's the directory."
You can do this absolutely!
As @dtech stated, the share plugin can be set to an unlimited amount of time. However, if you wanted to set this in something like
/var/www/html and have it forever public facing you could do this.
It will require the creation of an alias in your apache configuration like the following:
/etc/apache2/sites-enabled/ and open the
aliases-seedbox.conf for editing.
At the bottom of the file, create a new alias for the directory you would like to be public like so...
Alias /public.download "/var/www/html/"
Options Indexes FollowSymLinks MultiViews
allow from all
You can name this alias whatever you like. Now save and close the file and reload apache with
service apache2 reload
You can now navigate to the location via
http://_your_server_ip_/public.download/ and your file will be listed and publicly available... all in the meanwhile, keeping your username out of the picture and held in a completely different directory than where rtorrent data resides.