[eluser]Unknown[/eluser]
I guess my (somewhat silly, I'll elaborate below) reply to this would be, 'What if a new file type came out?', I'd have to update my whitelist.
The system I am creating is being used by all different industries, files could be uploaded ranging from <1kb text files, through to >1GB CAD files, from standard notepad to specialised software. There are simply too many file types I need to account for in that regard and it is just not possible.
But I agree with you, for most systems, white listing is definitely the way to go.
I'm the exception I guess, where it is harder to whitelist than it is to blacklist.