There are many points where someone can enter your site through many applications and they search out 777 directories to deposit files. There are no known security holes with Photopost allowing these types of files
Data and uploads directories need to be 777 for uploads to work unless you host changes that.
I would suggest you look at all the software you run on your site and make sure it is current and see if any of that software has known security issues
example people running vbulletin hacks on their vb
forums we see this alot.