Justin Obara and I were discussing
FLUID-5353 in the channel, and I made the mistake of going looking for new updates to SWFUpload. What I found was that SWFUpload suffers from a cross-site scripting vulnerability. The maintainer has not bothered to fix it.
Years ago, I investigated alternatives to SWFUpload but determined that it was a substantial amount of work to replace it. We need to take this issue seriously. Post-1.5, the plan was to remove support for "legacy" browsers (those that aren't the latest versions of IE, Chrome, Firefox, and Safari). This would include removing the Flash back-end for the Uploader.
Given the nature of this issue, I think we should remove SWFUpload and the Flash strategy for the Uploader immediately.