At the moment, file insertion is either on or off. What would be nice is to allow inclusions from specified directories. This way, the authors can keep the benefit of inclusions, but security can be maintained when performing operations in a web application context.
e.g. a command line option like:
will allow files that exist in path1, path2 and path3 to be included, and ignore others.