You will need to apply the server behavior to the page listed in the action attribute of the form. You say that the page works when it is in the root of your site. This tells me that there might be a problem with the hidden folder that you are using or the path to the file to send. How is this folder 'hidden'? If it is not an actually directory and only exists virtually then I can understand why you would have problems since the paths might not be matching up.
Putting the form in a special directory is not the best form of security unless it is a password protected directory anyone with a link can still access it. I would suggest that you leave it in the root if it works there, but just don't link to it to keep it out of view of the other users on your site.