Comment 43 for bug 1545092

Not sure I'd say it would negate it, but it could maybe slow it down a bit. Under the default setting, an attacker could add one image with the following result:

images table: 1 new row
image_properties table: 128 new rows
image_tags table: 128 new rows

This would have to be via separate API requests:
image_members table: 128 new rows

The problem is that these are system-wide quotas, so restricting image_property_quota to 5, say, would mean that all users have a max of 5 image properties. So maybe it's not worth mentioning.