I am uploading a 100k script on a live server and this takes 2 seconds.
While uploading someone on the Net calls some page that uses that script.
The server includes/uses a partially uploaded file giving most of the times parse errors and some rare times unpredictable errors.
The solution could be simple: upload the file (ex. auth.php) to a temporary file (ex. auth.php.winscp.tmp) and only when 100% uploaded it renames the temp to the originary file overwriting it.
This would make live uploads secure with Winscp!