PodHawk Podcasting to the world!

I have started work on PodHawk 1.71. Apart from a few bug fixes, I have so far programmed :

• a Flash uploader for the images manager. This will allow multiple image uploads.
• an autosave feature for recording page 2. This will automatically save the posting title and text every 20 seconds, so that you will never again lose work when your session times out.
• some changes to the way that PodHawk interfaces with the Disqus commenting system. These will load Disqus comments asynchronously so that they do not delay the rest of the page. They should also ensure that comments continue to be associated with the right post, even if users use search-engine friendly urls to access your posts.
• A feature to display a QR barcode below postings to allow users to download the audio or video file direct to their iPhone or other Smart Phone

I would be grateful for your comments as users on one point however. As you know, PodHawk (like Loudblog before it) contains a facility which allows listeners to upload audio comments as short mp3 files. To use this feature, you need to enable it for each post on recording page 2. The trouble is that it is insecure. There is very little to prevent a user from uploading and running a malicious script. I could develop ways of improving security (eg storing audio comments outside the document root) but I wonder if it is worth it. I have never seen a PodHawk site which allows audio comments. It might be best to remove the feature completely. What do you think?