LinkUploadDeniedExtensions not used?

LinkUploadDeniedExtensions looks like a useful value in the config file, but it does not seem to be used anywhere except in the localization text. Is there supposed to be some code that prevents upload of executable files? I would like to not have people pretending to upload images and then selecting a php file, uploading it and then possibly running it on the server. I'm thinking it might involve (at least in the case of php) a regular expression test against the uploaded filename and returning a code 202 if it's a bad one.