Haven't had a problem with remote include attempts since switching to phpSuExec.
Yeah, I could recode to use htaccess and addtype as well but it's a pain. Either way, it's still a dynamic image.
phpbb was just a disaster waiting to happen. Only surprise is that it took so long to surface!
I don't see a problem with image code though as long as it's parsed as an image by the forum.
The worst that can happen is someone finds out what OS and plugins you're running. Opera and Mozilla based browsers return that info and more with a little javascript anyway and just about everyone's got urchin.js on their system now which I'd be a lot more concerned about
