Myself, I would require that the root folder be created by admins. That way the user that WebLogic runs under would not have permissions above that level. If there are subfolders, it would depend on how they are being used.
As long as the folder is distinct from other folders, it shouldn't matter whether it is under WebLogic or not. It might be easier if it wasn't, since then it wouldn't depend on the structure of WebLogic itself (in providing docs for it). But a configuration value that specifies the location would allow admins themselves to define it.
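
Added example, not part of the original post: a deployment-time check that an admin-created root folder is writable by the application server's account while the level above it is not. The function names, the `APP_STORAGE_ROOT` setting and the `/srv/app-data` default are hypothetical; the check reads POSIX mode bits only and looks at the immediate parent.

```python
import os
import stat
import sys
from pathlib import Path

def writable_by(st, uid, gids=()):
    """Write access for uid/gids from the mode bits alone (ACLs are ignored).

    uid 0 bypasses mode bits in practice, so audit a non-root service account.
    """
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def check_storage_root(root, uid, gids=()):
    """Return findings for the configured folder; an empty list means it passes.

    uid/gids describe the account the application server runs under.
    """
    root = Path(root).resolve()
    if not root.is_dir():
        # The application never creates the root itself; that is the admins' job.
        return [f"{root} is missing: an admin must create it"]
    findings = []
    if not writable_by(root.stat(), uid, gids):
        findings.append(f"{root} is not writable by the service account")
    # Only the immediate parent is checked; repeat upward for a stricter audit.
    if writable_by(root.parent.stat(), uid, gids):
        findings.append(f"{root.parent} is writable by the service account")
    return findings

if __name__ == "__main__":
    # APP_STORAGE_ROOT is a hypothetical configuration value, not a WebLogic setting.
    configured = os.environ.get("APP_STORAGE_ROOT", "/srv/app-data")
    problems = check_storage_root(configured, os.getuid(), os.getgroups())
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

Run it as the service account after deployment; a non-zero exit means the folder layout does not match the separation described above.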