Of course, a sometimes serious drawback to having the scripts create the directories and files is that, if you need to access/move files manually, you may not be able to. I struggled with this issue for quite a while, until I hit upon the idea of setting my data files to 666, the directory to 711, and putting both in a place inaccessable to the web. Since the cgi script runs on the server, but many of the security risks are reduced by placing the world-writable files in a non-world-readable place.

Just my 2¢

Spacewarp

DISCLAIMER:
Use of this advanced computing technology does not imply an endorsement
of Western industrial civilization.