The only thing that I can say against that is: what directory do you make the default? And how do you ensure it's secure?
I agree, database storage is mostly not the way to go but I can see that having the directories as the default choice could be problematic.
BTW, File size upload limits are also dictated a by php.ini setting AFAIK. (which you may or may not have access to change depending on the host).