cffile and security

Good Morning, I have been working with cffile for the first time and in the process, read several places that you should upload files to a temp location outside your webroot for security reasons.  My original problem was with trying to eliminate spaces from file names...so now this is the process I'm using...upload to a temp file, remove spaces and replace with _ then move the file (code below) My question is, why do I have to go to a temp file first and is this secure in it's final version/location? Also, how do I deal with naming conflicts...does move allow for the same options as upload...rename, overwrite ect.?  It doesn't seem to allow for a result struc. <!---Query for job folder name---> <cfquery name="jobfolder" datasource="#Application.dbDSN#"> select jobfoldername from jobs where jobId = #session.jobId# </cfquery>   <cfoutput>     <cffile action = "upload"     fileField = "FileToUpload"     destination = "c:/temp"     accept = "image/pjpeg, image/jpg, application/pdf"     nameConflict = "MakeUnique"      result="result">   <cfdump var="#result#">     <cfset NoSpaceServerFileName = reReplace(Result.ServerFileName, "\s+","_", "all")>     <cffile action="rename" source="c:\temp\#Result.serverFileName#.pdf" destination="C:\temp\#NoSpaceServerFileName#.pdf">     <cffile action="move" source="C:\temp\#NoSpaceServerFileName#.pdf" destination="C:\cfusionmx7\wwwroot\pyramidhomeworks\JobAdmin\JobFiles\#jobFo lder.jobFolderName#\#NoSpaceServerFileName#.pdf" result="moveresult">     <br /><cfdump var="#jobFolder#">     </cfoutput>