Upstream: https://secure.phabricator.com/T6564
The default visibility for files created at https://phabricator.wikimedia.org/file/upload/ should be "Public (No Login Required)". This is the same behavior as Bugzilla. Currently, the default is "All Users" which requires a login.
If possible, creating non-public files (or changing visibility of an existing file to non-public) should be limited to the Security group,