You're right. It doesn't work well with anything other than Anonymous users. As I understand it the Flash plugin doesn't use the browser itself to send the file, so, in this case, it doesn't pass any authorisation headers with the request. If you login and then upload a file it considers you as Anonymous. DOHHHHH!
I'll have to look in to this and see if there's a way round it by passing in the auth headers to teh URL request, as discussed here: