This came up in an internal discussion. Putting it up here so we can track it.
Discourse image URLs on a invitation-only forum are still publicly viewable. Although these URLs are technically unguessable, e.g.
… some internal communities deal in such sensitive information that outright disallowing any viewing of these images would be preferable. We do already have a setting for
prevent anons from downloading files, so the suggestion is to have something similar, but as a global flag for all images & other uploads.