Apparently, any file uploaded to Commons that has the character pair "<?" anywhere within the first 1024 bytes gets detected as having the MIME type "application/x-php". This seems a bit excessive. Some examples include:
http://commons.wikimedia.org/wiki/Image:Bundesarchiv_Bild_137-002552,_Türkei,_Anatolien,_Taurus,_Feldbahn.jpg
http://commons.wikimedia.org/wiki/Commons:Village_pump/Archive/2008Nov#Uploading-Error
Note that I don't believe there should be any security issues with serving such files to users: I'm not aware of any user agent that would execute downloaded PHP code, and certainly not one that would use such a hair-trigger check for detecting it.
(Ps. This might be a Wikimedia configuration issue: I haven't yet looked at the MIME type detection code closely enough to tell. Filing this for now as a MediaWiki bug, feel free to reclassify.)
Version: unspecified
Severity: normal
URL: http://commons.wikimedia.org/wiki/Image:Bundesarchiv_Bild_137-002552,_Türkei,_Anatolien,_Taurus,_Feldbahn.jpg