Each file uploaded using webshare is stored in my filesystem with owner and group "root". I guess it is a strong security risk.

If a wrong setup is causing this, please let me know correct configuration, or a tutorial with tonido security guidelines.

Is this on the tonidoplug?
On the TonidoPlug, the tonido process runs as root so the files are created as root.

Yes, this is on the tonidoplug.

Running processes as root and creating files as root may expose a big security risk.

What's Codelathe point of view / security recommendations about this?

TonidoPlug is a single function embedded device instead of a general purpose computer.
We agree that in general running as root is not ideal, but to accomplish the functionality that TonidoPlug has, it required root privileges.