[Rhapsody]

People are going to give you an answer like "sprays are disabled because of pornographic content", but this is the result of a bigger issue. sv_allowupload and sv_allowdownload are the two convars that, when disabled, prevent sprays from being used. In particular, sv_allowupload, when disabled, prevents users from uploading files to the server (in most cases, sprays). sv_allowdownload is what allows the client to request downloads from the server (again, in the form of sprays more often than not). Both of these convars are heavily protected in that, outside of using an exploit, you can only upload sprays with them. When using an exploit, however, you can do some pretty nasty things, like uploading a module to the server (a .dll or .so that the server will automatically load provided it's in the right directory), and then transmitting a module to the client (here's an example of exactly that, done by someone who's now a Garry's Mod developer as an example of how much worse it could be) or downloading clientside lua files from the server (stealing content). FastDL works even with these disabled because the server directs you to download from an outside domain; the files are hosted on the website, not the server.

In general, this is why sprays can't be used. You can see your own spray, and people can see your spray if they've seen it before on a server that has these convars enabled, which is why you can see certain other people's sprays. There are methods to fix the exploits that exist with these convars, but in general, it's safer to either use an alternative spray system that uses image files (like SprayMesh) and tells you who sprayed what, or to disable the spray system entirely.

In other words, I'm saying that, although disabling sprays was a desirable result, it's the side effect of a larger issue.