Post
Topic
Board Speculation
Re: The Great Silk Road Crash of 20** ...?
by
Soros Shorts
on 27/09/2012, 06:30:01 UTC
He is talking trolling about embedded images that are server-side. Even if this is possible somehow (I doubt it) then the server will fetch the image using Tor network and our "genius" will see Tor exit node's IP address in his logs. His posts at the end sound hilarious. How can someone know about all this stuff and have completely wrong understanding even in the basics? Maybe he is a so-called "white hat" who just finished 5 year training in computer security?
Now, it's possible to set up your server so that the software running your hidden services can't access the internet except over Tor, but it's fairly non-trivial.
Most secure web servers would be double-NATed behind a stateful firewall that won't even allow the host to initiate outgoing connections to the internet. The host is only allowed to make HTTP/S responses back to the internet. Patches, AV signatures, software updates, are all delivered from an internal host. This is standard practice when attempting to comply with PCI-DSS, SOX, etc.

With a Tor hidden service, you just change the firewall rules so that the host can only send responses back into the Tor network. Never allow it to initiate a connection into Tor or out to the internet.

I'm pretty sure SR is not run by amateurs and I'd expect its security to be on par with that of banks and financial institutions. Uploading a script and getting the server to execute it to give out some external IP address (which may be far away from the actual location), yeah whatever ....
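
The response-only egress policy described in the post above, written out as an nftables ruleset for the web host. This is an added example, not part of the original post or any real deployment. It assumes the Tor daemon runs on a separate gateway machine, and the gateway address 10.20.0.2 and port 80 are constructed values.

```nftables
#!/usr/sbin/nft -f
# Added example: host firewall for a web server that may answer
# connections but never open one. Addresses are constructed.

flush ruleset

# Assumption: the only machine allowed to reach the web server.
define TOR_GW = 10.20.0.2

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state invalid drop
        # Packets belonging to connections already being tracked.
        ct state established,related accept
        # New connections are accepted only from the gateway, only to HTTP.
        ip saddr $TOR_GW tcp dport 80 ct state new accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # Responses on connections that were opened from outside.
        ct state established,related accept
        # Anything the host itself tries to initiate (for example an
        # application fetching a remote URL) is counted, logged, dropped.
        ct state new log prefix "egress-initiated: " counter drop
    }
}
```

The logged drop in the output chain doubles as a detection signal: a web host that only ever answers requests has no reason to produce `egress-initiated:` entries, so any hit is worth investigating.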