In the scheme of things, I'd rather have the directory not set as 777 if it's dangerous. I'm using basic authentication to protect the upload interfaces, but I have no illusions that a hacker could probably figure out how to get past that fairly easily.
I was using HTTP_Referer to authenticate which page a user was coming from before running my email script, though after doing more research it appears http_referer isn't very secure either and can be spoofed. I was trying to prevent someone from automatically sending spam email from our email form.
I'd welcome any suggestions on making the mail form more secure.
Thanks for your help, and welcome to the team!