Manuel Lemos from phpClasses.org has written an excellent post about about the risks when allowing… Read the postNewbies, don’t upload exploits with your images!
Something that off-the-shelf scripts tend to neglect is saving your files in a secure location. Not all the files, necessarily. Just the valuable ones with things like your database username and password. The files that really matter. Read the postSecure File Locations