Hey @brytey2k
This is by design.
Why? Because if your server allows access to other domains files, then it’s fair to expect that you should be allowed to access them, and may want to.
If the other domain files are not supposed to be accessible to you (In your opinion) then your servers security is not up to par, and all those domains have access to your files and most likely database details as well.
This is one of the ways that malware spreads on servers – one site gets infected, it scans for other WordPress installs on the server for whose files it can access, and infects them (even though the installation didn’t have any vulnerable plugins/themes installed).
In the event you’re installing the plugin within an environment where you allow untrusted users to use it, you can lock it down to only allowing access to certain folders through the settings.
Finally, you probably shouldn’t be using this plugin at all. If you have a legitimate use for it, that’s cool, but it shouldn’t be used in place of the built in file uploader in most situations. Instead, most people should be looking at whatever problem they have with the upload tool and fixing that instead.
