Drupal security advisory DRUPAL-SA-2006-006: Certain -- alas, typical -- configurations of Apache allow execution of carefully named arbitrary scripts in the files directory. Drupal now will attempt to automatically create a .htaccess file in your "files" directory to protect you.
912163027c6bb36941cf7da0ba234a074978f1fa7d6a9468b1006f98299d31b5