This is super-neat and I've always wanted to use it: http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
Basically, we generate and sign a JSON blob with rules about destination path, max upload size, expiration time, etc. that a client can then use as credentials to POST directly to S3, instead of going through the web pool. This wouldn't help for installations using non-S3 storage backends, but it would take some load off the SaaS cluster. arc upload could use this as well.
T12605 mentions large file uploads as one of the causes of long-lived, high-memory Apache child processes, and this could potentially alleviate it.
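
The signed policy described above, as an added example that is not part of the original post or of Phabricator's code: a server-side sketch that builds the S3 POST policy (key prefix, size cap, expiry) and signs it with SigV4. The function name `presign_post`, the credentials, bucket and prefix are constructed placeholders.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_post(access_key, secret, region, bucket, key_prefix,
                 max_bytes, ttl_seconds, now=None):
    """Return the form fields a client sends with its POST to S3.

    The client adds its own 'key' field (which must start with key_prefix)
    and the 'file' field; S3 rejects the upload if any condition fails.
    """
    now = now or datetime.now(timezone.utc)
    date = now.strftime("%Y%m%d")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key}/{date}/{region}/s3/aws4_request"
    expires = now + timedelta(seconds=ttl_seconds)
    policy = {
        "expiration": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "conditions": [
            {"bucket": bucket},
            # Confine the upload to one prefix, e.g. a per-user directory.
            ["starts-with", "$key", key_prefix],
            # S3 enforces the size cap, so the web tier never sees the body.
            ["content-length-range", 1, max_bytes],
            {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
            {"x-amz-credential": credential},
            {"x-amz-date": amz_date},
        ],
    }
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    # SigV4 key derivation: secret -> date -> region -> service -> terminator.
    k = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, "s3", "aws4_request"):
        k = _hmac(k, part)
    # For POST uploads the string to sign is the base64-encoded policy itself.
    signature = hmac.new(k, policy_b64.encode(), hashlib.sha256).hexdigest()
    return {
        "policy": policy_b64,
        "x-amz-algorithm": "AWS4-HMAC-SHA256",
        "x-amz-credential": credential,
        "x-amz-date": amz_date,
        "x-amz-signature": signature,
    }

if __name__ == "__main__":
    # Constructed placeholder credentials and names, not real values.
    fields = presign_post("AKIAEXAMPLE", "example-secret", "us-east-1",
                          "example-bucket", "uploads/u42/", 10 * 1024 * 1024, 900)
    print(json.dumps(fields, indent=2))
```

The secret key never leaves the server; the client only receives the policy and its signature, so a short expiry and a narrow prefix bound what a leaked form can be used for.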