... all these complicated schemes to validated and revalidated are dumb.
Really? Why are you involved in bitcoin again?
It's not that complicated.
Three options
1) No images
2) Locally cache images
3) Accept that you may be attacked
Let me expand on that:
1) No images
2)
Figure out a way of solving the problem and save server costs3) Locally cache images
4) Do nothing and accept that you may be attacked