Mark,

My concern with this comes back to abuse. I don't want groups.io
<http://groups.io>; to become an image serving company.

Or general file serving. I understand that concern, and realize that abuse detection and mitigation impacts what's feasible.

I would want to come up with a system to throttle image serving in
case a URL gets out in the wild and becomes popular.. I can do it,
but it'll be some work and I'm not sure about where this would rank
in terms of priorities.

Maybe "trust but verify" first. That is, come up with a way to measure and report the usage in a way that would alert you to abuse. Then figure out how to throttle it if and when the alarm goes off. Then you'd be able to see the use and abuse patterns before deciding on a mechanism. Of course, that assumes that the onset of trouble is mild rather than DOS-inducing.

-- Shal