PUT is used for idempotent create/update operations. POST is used for appending to resources and for non-idempotent creates.

Uploading a file is simply performing a PUT on an object URI:
http://code.google.com/apis/storage/docs/reference-methods.html#putobject

Content goes in the HTTP request body.

This is not rocket science. If you can't wrap your head around REST, wait for someone to come up with a RPC-style API.

When someone tries to bash a cleanly designed RESTful interface as being "too complicated", you know it's a sad state of affairs. If this can lead to even one person reading chapter 5 of Fielding's dissertation, maybe some good can come of it after all...

http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
http://en.wikipedia.org/wiki/Representational_State_Transfer
http://en.wikipedia.org/wiki/Roy_Fielding

"Developer", meet HTTP..

If you feel like making an exploit public, go right ahead. Just make sure you send your patch along with it. What? No patch? It's a java servlet app, not an ELF binary. Unzip the .war, decompile the classes with jad, and fix the damn thing yourself. I've lost patience with the attention whoring from wannabe security researchers.