I just want to discuss if it make sense to avoid the user id in the thumbnail URL. It allows an attacker to look up the User ID that comes staid from the DB. There are lots of WP system hardening strategies that reference similar topics.
What you guys think? Make it sense to implement an additional name security/mapping layer? I would strongly recommend it.