When assigning permissions at the list level to prevent non-administrators/contributors/etc. from viewing items, it is tempting to simply remove the "Reader" group; however, doing so causes permissions to be inherited, effectively circumventing the list permissions settings if Readers have View Items at the Site level.
To prevent readers from viewing list items, go to Advanced Permissions and uncheck all options except 'Cancel Check-Out' (WSS requires that at least one option be selected for a group). This will also ensure that users who see the document in search results are prompted for proper credentials before accessing the item.
