True, but if the proper image tag is limited to a max of, say, 65x65 that will save the display of the forum. It still means that the full image has to be downloaded by the client browser and scaled, but at least the bandwidth that's being used isn't from the forum server. :) But if the admin-set variable is 65x65, that gets suck in the tag and the client browser will scale a smaller image up or a larger one down as needed.
And heck, I change my image all the time... For the forums that allow url'd avatars, I point at a symlink and then I change the symlink to whatever avatar I feel like using. I keep them at 65x65 and around 4K for the most part.
There's a certain level of trust involved in any case. If you're not going to trust users enough to allow HTML or the markup tag in signatures or posts, then you're not going to allow this feature anyway. (A futher enhancement would be to have it allowable by user to squash those that might abuse the feature.)
And I think something like this would be used by businessmen... What I'd worry about most is company advertisements being used for the avatar. Which is a good reason to never, ever, allow an avatar to be clickable... Or at least make the admin modify the template themselves if they want it. ;)
--gleep
Hello! I'm a signature virus! Copy me into your signature and help me spread!