Security concerns with my file uploader on my theme options page?

I’ve added a file uploader to my custom wordpress theme’s options panel. In the uploader code, I’m specifying the following…

1) That the user is logged into wordpress
2) That the user has edit priveleges
3) That the file uploaded must be a zip file
4) That the path that the upload is extracted to is my theme folder

Is this sufficient security for a site on a shared server or should I add more?

(Most of my customer’s wordpress installations are on shared servers)