You would want to make sure that you disallow execution of any file that the user uploads, otherwise the user could just upload a file that punts out your passwd file or whatever.
But off the top of my head, I can't see it being a major problem....
/me waits to be corrected :-)
davis