  • Rick Mason 38 posts 169 karma points
    Nov 20, 2017 @ 14:58
    0

    Protecting uploads and form editing

    We already use Umbraco CMS and I'm looking at Forms as a replacement for our current forms system.

    I've found a couple of things which I think are limitations of the product, but I'd like to check I'm not missing something before putting anything on the issue tracker.

    File uploads

    If I use the file upload field type, the file gets uploaded into /media/forms. That's a publicly-accessible URL, so the only protection for what might be very sensitive data is that the URL is hard to guess - not good enough. Workarounds to save it somewhere more secure might be to use a separate instance of Umbraco that secures /media, or reroute any uploads starting /media/forms somewhere else in an IFileSystem.

    Accessing the data

    If I want the owner of a form to log in to Umbraco and view the data coming in, I can limit their access to just that form, which is good. However, it appears I have to grant them "Manage forms" access, which gives them the ability to change or delete the form - not good. We would definitely want form design to be a separate role from data processing. The workaround would have to be to design a secure API that gets the form data and presents it elsewhere outside of Umbraco.
