That's a good point, perhaps a check could be performed at each login?
I've got an old avatar upload script that doesn't allow images greater than 8kb to be uploaded, that I've used since v6.05, but since this new version doesn't support avatars the way the old avatar hack did (i.e. a 'custom' directory where only files with the proper filename could be used as a custom avatar), using this script by itself would be pointless, since people could just upload their oversized avatar elsewhere and then set their custom avatar URL to it.
If there would be a way to renovate the old custom directory and member-number-as-filename method, that would get the same result, but I'd like for people to be able to use their own servers to upload things, if they like, as well. But at the same time, I don't want hapless n00bs using 200kb pics either
Thoughts?