Ja, geht leider nicht. Ich habe inwzischen in der RFC 1867 den entsprechenden Hinweis gefunden:

"8. Security Considerations

It is important that a user agent not send any file that the user has not explicitly asked to be sent. Thus, HTML interpreting agents are expected to confirm any default file names that might be suggested with <INPUT TYPE=file VALUE="yyyy">.  Never have any hidden fields be able to specify any file."
[RFC 1867]

Arne.