How do we tell when a file is too big?
We can check if the file size exceeds the memory limit, but
surely we should be checking for some size smaller than
that so that we don't exceed the limit (by too much).

Yup, we should do it in chunks of some fraction of memory-limit, I guess.  quarters, fiths, tenths?  It should be a decently big chunk size so there will be a good chance that many files fit into a single chunk for optimal speed.

Is this really a problem, passthru will immidiately output the data to screen thus making hightened memory usage a very temporary thing. If the user tries to use buffering to 'hold' the data then the memory limit will kick-in anyway. The only way I could see a user trying to 'exploit' this is by writing a file that would load a large file to memory and then manually doctoring the request to read the data 1 byte at a time. But this is hardly different from allocating just shy of the memory limit and doing the same thing with multiple scripts.
This is really no different then making SQL query create a huge temporary table consuming *any* amount of memory.

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

Fixed in PHP 5.