It depends on the security needed.
Uploading to MySQL puts your files into an area of the server that is
more secure (harder to access) than the regular website directories.
Uploading to various website directories offers the ability to access and
manage the files more easily, but they are also easier to access for everyone
else too. You can use .htacess to secure directories, but I'm not sure if
that even comes close to MySQL security.
I'm guessing that a webhost counts either method the same as far as
maximum allowable storage, so that wouldn't make a difference.