The script step is exeucted on the server, not the client. So the server would need to be able to reach out the workstation and grab the file to open and transfer it to the server. I'm going to say that this is not allowed given the current security features of browsers. It would be an obvious attack vector to get malicous files on the server.
It does that with any script that it runs. To import, it doesn't have to be an external file, it can be between two tables in the same database, or it could be between two databases which it hosts.