You can clone with
HTTPS or Subversion.
Add file upload field to default template? (commented out?)
I would have a settings switch for this. Because just not having it in the template while form still allows it, would allow somebody to forge the upload and force the attachment.
You're absolutely right