No if you allow the user to chose the base directory if is more easy to inject the verification file without the knowledge of the domain owner.
No if you allow the user to chose the base directory if is more easy to inject the verification file without the knowledge of the domain owner.