I used to allow uploading of php-files (haven't for quite a while though) and I just saw a guy who uploaded a couple of different scripts trying to read my config file. Didn't work though, since it's outside the web directory, and it's not possible to run php scripts in the files directory. The guy even tried to make the php files into some binary format to be able to make it run (still didn't work of course).
This happened quite a few months ago, but I haven't seen it until now... The stupid idiot didn't even clean up after himself (like the last guy I found, who at least tried =P), the files are still there.
These damn script-kiddies are everywhere... Following the security instructions from infopop is a very good idea.