Issue :
WordPress installed on a cPanel server.
Cannot upload images using WP unless the “uploads” directory is set to “777” which poses serious security threats.
Solution :
The reason is that WordPress is running PHP as a DSO (Apache Module) which insecurely runs all scripts commonly under the global username “nobody”.
Since your WordPress application is being run as “nobody” instead of your own login name, you must have GLOBAL readable permissions minimum. Hence, you need 777 permissions.
The only way to get around this is to have SuPHP based PHP which doesn’t have these types of security issues.
Note : Under SuPHP you could go as extremely tight as 400 and the typical norm is 640 for most uses. Folders are typically 750 or 755.