PHP streams are absolutely amazing. As mentioned by Elizabeth Smith (a great read if you don't know how to use streams) PHP streams are super powerful. Streams is something that is (to my knowledge) unique to PHP. The closest thing I've seen to it, is Linux's FUSE "user space" (i.e. not kernel module) file systems.

He shows an example of a stream in action and suggests an interface he'd like to see - an automatic connection to the Amazon S3 storage.

Manuel Lemos writes:

The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it was not for the insecure ways some developers use to serve images upload by their users. Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserve the original file name, the site may be open for security exploits.

The problem comes when a user decides to upload an "image" file that's actually a PHP script (ending in PHP even) to the remote system. When this is outputted, it's placed inside the image tag and executed with each page load. Manuel offers a suggestion to prevent the issue - protecting the images directory and using readfile to grab the contents of the file to output rather than just a straight echo.