In case you guys haven't heard, running upgrade.php is a method that can easily break blogs that rely on plugins on nearly any part of their page, since upgrade.php disables them. My suggestion is to do a cookie/session check on it, just like the rest of the files in wp-admin.