However, although performing a client-side check of the file name can be useful, it does not guarantee that users cannot upload an unsafe file type, such as an executable file.
Automatically inferring an "Add" operation is similarly unsafe. We don't want our SCM tool automatically adding any file which happens to show up in our working folder.