One thing this doesn't touch on is using a one-way hashing algorithm on your file uploads. This allows your application to do another layer of verification. This also obscures filenames so that they cannot be easily indexed (e.g. Google search engine...)
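An added illustration of the approach in this comment (not code from the thread): uploads are stored under the SHA-256 of their bytes, so the client-supplied name never reaches the filesystem, duplicates collapse into one file, and a later read can re-hash the content to check it still matches. `UPLOAD_DIR`, `store_upload` and `load_upload` are hypothetical names chosen for this example; the hash check is an integrity layer only and does not replace size or content-type validation.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption for this example: one upload directory, files addressed only by
# the hex SHA-256 of their content, never by the name the client sent.
UPLOAD_DIR = Path(tempfile.mkdtemp(prefix="uploads-"))


def content_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def store_upload(data: bytes) -> str:
    """Write the bytes under their content hash and return that hash.

    The original filename is discarded, so nothing guessable or indexable
    (original name, user id, sequence number) appears in the stored path.
    """
    digest = content_hash(data)
    path = UPLOAD_DIR / digest
    if not path.exists():                 # identical content is stored once
        tmp = path.with_suffix(".part")
        tmp.write_bytes(data)
        os.replace(tmp, path)             # atomic rename: no half-written file
    return digest


def load_upload(digest: str) -> bytes:
    """Read a stored file and verify it still matches the hash it was saved under."""
    # Only a 64-char lowercase hex string is a valid key; this also rules out
    # path components such as "../" being smuggled in as a "hash".
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a valid content hash")
    data = (UPLOAD_DIR / digest).read_bytes()
    if content_hash(data) != digest:      # on-disk tampering or corruption
        raise ValueError("stored file does not match its hash")
    return data
```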