Some hackers or attackers try to upload script files in image upload files and they can see and change your files with that script. You can block this type file in that directories. You can forbidden type of files and close execution of CGI.

.htaccess

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .aspx
Options -ExecCGI

From: http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/#sec16