Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)
  • The only problem I can see is that it might not be enough to simply hide the option on the entry page. A clever user might be able to spoof the input fields, so the back-end script must also have a check for the user level, for each input field that you are hiding.
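    The point above, as an added example that is not part of this reply: a server-side handler that re-checks every privileged field against the authenticated user's level, so a field that was merely hidden in the form is rejected when a client adds it to the request body anyway. The permission map and the level numbers are assumptions made up for the example, not WordPress's own.

```php
<?php
// Added example (not from the thread). Hiding an input in HTML only changes
// what the browser renders; the request body is entirely under the client's
// control, so every privileged field is re-checked here against the user
// level taken from the authenticated session, never from the request itself.

// Hypothetical permission map: field name => minimum user level that may set it.
const FIELD_MIN_LEVEL = [
    'post_title'   => 1,   // any author
    'post_content' => 1,
    'post_status'  => 5,   // only editors and above may publish
    'post_author'  => 10,  // only admins may reassign authorship
];

/**
 * Keep only the fields this user is allowed to set.
 * Returns [accepted fields, names of rejected fields].
 */
function filter_post_fields(array $input, int $user_level): array
{
    $accepted = [];
    $rejected = [];
    foreach ($input as $field => $value) {
        // Fields that are not in the map are rejected rather than passed through.
        if (!array_key_exists($field, FIELD_MIN_LEVEL)) {
            $rejected[] = $field;
            continue;
        }
        if ($user_level < FIELD_MIN_LEVEL[$field]) {
            $rejected[] = $field;
            continue;
        }
        $accepted[$field] = $value;
    }
    return [$accepted, $rejected];
}

// Constructed request: a level-1 author submits the hidden fields as well,
// even though the entry page never showed them. In a real handler $input
// would be $_POST and $user_level would come from the logged-in session.
$spoofed_request = [
    'post_title'   => 'Hello',
    'post_content' => 'Body',
    'post_status'  => 'publish',
    'post_author'  => '1',
];

[$accepted, $rejected] = filter_post_fields($spoofed_request, 1);
// $accepted keeps only post_title and post_content;
// $rejected is ['post_status', 'post_author'], which is worth logging.
var_dump($accepted, $rejected);
```

    The useful property is that the check is per field, not per page: a user who is allowed to reach the form still cannot set a value the form was not supposed to offer them.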

    Thread Starter patmfitz

    (@patmfitz)

    I am setting up WordPress for a client and though I can recommend that he avoids spaces in filenames, he will continue using them.
    If you are going to allow filenames with spaces (and other characters that are not safe in a URI) to be uploaded, then you should display the correctly encoded link.
    -fitz
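    Added example, not from the reply above: building the correctly encoded link for an uploaded file whose name contains spaces and other characters that are not safe in a URI. The base URL and file path are constructed inputs.

```php
<?php
// Added example (not from the thread). Each path segment is encoded on its
// own so the "/" separators survive, and rawurlencode (RFC 3986) is used
// rather than urlencode so a space becomes %20 instead of "+", which is only
// meaningful inside a query string.

function encoded_upload_url(string $base_url, string $relative_path): string
{
    $segments = explode('/', $relative_path);
    $encoded  = array_map('rawurlencode', $segments);
    return rtrim($base_url, '/') . '/' . implode('/', $encoded);
}

// The link text is the raw filename, so it is HTML-escaped separately:
// URI encoding and HTML escaping are different layers and both are needed.
function upload_link_html(string $base_url, string $relative_path): string
{
    $href = encoded_upload_url($base_url, $relative_path);
    $text = htmlspecialchars(basename($relative_path), ENT_QUOTES, 'UTF-8');
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">' . $text . '</a>';
}

// Constructed inputs.
echo upload_link_html(
    'http://example.com/wp-content/uploads',
    'Client Files/Q1 report (final).pdf'
), "\n";
// <a href="http://example.com/wp-content/uploads/Client%20Files/Q1%20report%20%28final%29.pdf">Q1 report (final).pdf</a>
```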

    Furthermore, what if WordPress moves to a multiple-blog setup like Movable Type, and you want each user to be able to customize his own template? Surely you don’t want all those users having access to PHP where they can wreak havoc.

    Having been through the PHP vs. template systems argument again and again, I came to the conclusion that PHP is best; however, if I was designing software like WordPress I would use a template system like Smarty.
    Why?
    Because if you want to have plug-and-play, shareable templates, then using PHP is a massive security vulnerability. An attacker can post a whiz-bang set of template files that also contain malicious code.
    In a template system, you are limited in what the template files can do, so you can install 3rd-party template files without worry.
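    An added example, not from either of the two replies above and not Smarty's or WordPress's code: a minimal restricted template renderer that shows what "limited in what the template files can do" means in practice. Because the template is never passed to include() or eval(), it can only read the variables it is handed; it cannot call functions, touch files or the database, and any PHP tags in a third-party template are rejected rather than run. The template text and variables are constructed for the example.

```php
<?php
// Added example (not from the thread). Contrast with a PHP theme file, which
// is executed with the full privileges of the web application the moment it
// is included. This renderer treats the template purely as data.

function render_restricted(string $template, array $vars): string
{
    // A shared template that carries PHP is refused up front. It would be
    // inert anyway, since the template is never include()d or eval()ed.
    if (strpos($template, '<?') !== false) {
        throw new InvalidArgumentException('template may not contain PHP tags');
    }

    // The only construct the template language supports: {{ name }}, which
    // looks up a key in $vars and HTML-escapes the result.
    return preg_replace_callback(
        '/\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}/',
        function (array $m) use ($vars): string {
            $value = $vars[$m[1]] ?? '';   // unknown names render as empty
            return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

// Constructed third-party template: plain HTML plus placeholders.
$template = "<h1>{{ title }}</h1>\n<p>by {{ author }}</p>\n";
$vars     = ['title' => 'Hello <world>', 'author' => 'patmfitz'];

echo render_restricted($template, $vars);
// <h1>Hello &lt;world&gt;</h1>
// <p>by patmfitz</p>

// A template that tries to smuggle PHP in is refused, not executed.
try {
    render_restricted("<p><?php echo 'hi'; ?></p>", $vars);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

    The design choice is that the set of things a template can do is defined by the renderer, so installing a template from a stranger adds markup, not code, to the site.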
