Someone could easily misuse the directory permissions. A better solution would be change the picture directory permissions to 722. This allows users to add pictures to the picture directory while preventing a bunch of malicious attacks.
I can think of some already...
1) Someone uses the upload feature on your website to upload a malicious script to the server. They then enter some shell escape sequences followed by a command to execute the file in the same picture upload feature.
2) Some uses shell escape sequences to view directories, processes, open source files, view payrolls, and other files that don't have properly set permissions.
3) Someone uses shell escape sequences then execute rm -f * in the picture directory.
If your script filters out shell escape sequences and don't allow users to have execute permissions then alot of these attacks are preventable, but there's still more.
Just a few words of advice.