In the step where I can add functionaries, the upload function perhaps should perform sanity checks on the data to be submitted. For example, I can drop my private key, it gets uploaded, rejected by the server, and then is printed prominently in an error message in the browser. Also, I can send whatever amount of random data, and get a lot of it returned.