In the latest version 188.8.131.52, in Site Settings > Security > Permissions there is a setting for roles that are not allowed to edit feature instance settings. Check Authenticated Users there and then allow authenticated users to upload in the Shared Files settings.
Remember that if they can upload they can also delete files. I would not trust strangers with this feature myself.
Hope it helps,