Founder here. We're excited to be able to begin offering security on Filepicker. Security in Javascript is hard because most of the possibilities (window.location, referrers) are easily bypassed. We've built this system based on a shared secret and signed polices; this method is a good start for us to help you easily enable file uploads while still protecting your storage.<p>We've tried to be careful and meticulous about how we approached the problem and tried to balance usability, clarity, and security. We've reached out to friends who do this kind of work at MIT, within our batch at YC, and with some beta customers.<p>Keeping our developers buckets safe and our user's files safe is one of our company's principles so feel free to email me at liyan@filepicker.io or post here; I'll stick around to answer questions or respond to comments.