Mine does this. Also, when I'm at the password stage, there's a picture and a phrase that I added that is unique to my account. Makes it much harder to spoof the site that way, although I'm not sure about the multiple page thing.
No uploading involved. As I said, it makes it harder, not stops it. I'm sure they do other stuff on that back end as well to help detect spoofing. Also, you're talking about a phishing site, whereas the spoofing I'm referring to involves the session variable on the server.Wait. How does showing you stuff you've uploaded after you've given one part of the authentication help stop spoofing?