I'd guess that these people will be the first to use your configuration-option. The next thing is that not all browsers really interpret mime-types correctly.
I think there is not much that you can do about it. You can not condam the knife for the murder, nor the smith.
I think that if you want to do something it should be really focused on the security of the filebrowser that you use. Does it allow any user to upload files without restrictions? or does it make sure that the user has logged in at the server and can access only his folders? Does it rely on cookies (bad) or does it use server sessions? can the user upload some executable file? does the restriction still apply if the user tries to rename a file? Are there any other potential problem in the server code? How does it handle errors? etc...
RE: FCKeditor used to create phishing sites?
I think there is not much that you can do about it. You can not condam the knife for the murder, nor the smith.
RE: FCKeditor used to create phishing sites?
Does it allow any user to upload files without restrictions? or does it make sure that the user has logged in at the server and can access only his folders?
Does it rely on cookies (bad) or does it use server sessions?
can the user upload some executable file? does the restriction still apply if the user tries to rename a file?
Are there any other potential problem in the server code? How does it handle errors?
etc...