Yes. They would be available. That's the point, so they can view the PDF.
Millions of emails go out a day with links to credit card and bank
statements, investments, etc. Most don't think twice about using them
because there is security involved. It's not just open to the world.
Also, the PDFs could be generated "on the fly" so the link to the PDF isn't
a direct link to it, but a link with data that will create the file. Or
even copying the PDF from a secure directory to a temp directory while it's
being viewed. There are a lot of options.
A link to a PDF doesn't mean anyone can click it and it starts downloading.
It's up to the application developers to add security and/or complexity and
tell crawlers to stay away.