Hi,
I am with Marcus in saying its best to avoid doing so but it is not forbidden. Quite a few even core components check the $_SERVER variable. If you are using the $_SERVER["HTTP_X_REQUESTED_WITH"] variable to check for AJAX requests, it is not generally considered fool proof (https://stackoverflow.com/questions/2579254/does-serverhttp-x-requested-with-exist-in-php-or-not) . As for files, in all my years doing Moodle, I have only ever had to use $_FILE once and that was very unconvential case. The File API can be very confusing but is worth understanding it to ensure your code is more portable.
I am with Marcus in saying its best to avoid doing so but it is not forbidden. Quite a few even core components check the $_SERVER variable. If you are using the $_SERVER["HTTP_X_REQUESTED_WITH"] variable to check for AJAX requests, it is not generally considered fool proof (https://stackoverflow.com/questions/2579254/does-serverhttp-x-requested-with-exist-in-php-or-not) . As for files, in all my years doing Moodle, I have only ever had to use $_FILE once and that was very unconvential case. The File API can be very confusing but is worth understanding it to ensure your code is more portable.