Please elaborate on how allowing a filename like .dsadsada/sad.php is insecure. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,204051,204064#msg-204064