Here are a list of welcome changes to Coquelicot:
Implement optional client-side encryption
Using the new HTML 5FileAPI, encryption and decryption of the files could be performed client side instead of server side. See the up-crypt proof of concept from hellais on how this could be done.
More flexible expiration
It might be interesting to also offer a calendar for specifying an exact date after which the file will be unavailable.
Hide file size (padding)
There is currently a real close mapping from original file size to stored file size. Original file size will also be recorded in server logs. Padding could be used to improve this situation.
Investigate more secure encryption algorithm
Coquelicot currently uses AES-256-CBC. AES is getting weaker and CBC mode is subject to Padding Oracle attacks.
Make a usable Gem
Most Ruby stuff is installed using Gem, so Coquelicot should also be installable that way. What is mostly missing is an easy way to create a default configuration and directories to hold uploaded files and temp. data.
Better support consecutive uploads
Previous settings are lost when uploading several files in a row. This is clearly suboptimal user experience.