Software for Message Board, Forum...

Senior Advisor
10,951 posts

Tom wrote:
Here is a security tip to help prevent getting hacked. Don't allow people to upload avatars or use avatars stored on another server. Make them use the avatars available on your server.


What security issue is there to let people link to avatars on a different server? Don't think I've ever run or used a server that didn't allow that, or do you mean some other way of using them on another server?
Guest
5,410 posts

The possibility of cross-site scripting vulnerabilities for remotely hosted avatars.
CoffeeCup... Yeah, they are the best!
Ambassador
1,707 posts

Tom wrote:
The possibility of cross-site scripting vulnerabilities for remotely hosted avatars.


So if I have a malicious JavaScript, it can be linked to a forum with

?
Volunteering to help :)
http://www.tbaygeek.ca
My HTML play area
http://www.tbaygeek.ca/test/
Guest
5,410 posts

It's possible.
http://www.auditmypc.com/network-security/network-security-1252005.asp
CoffeeCup... Yeah, they are the best!
Senior Advisor
10,951 posts

Ahh ty Tom, I didn't realize people could run scripts through their images when using them for avatars in forums and such.
Guest
5,410 posts

I'm not saying it isn't safe to allow it in an SMF forum. I know of one SMF forum that got hacked about a year ago, and they allowed remote avatars. That was a couple of revisions ago, though. All open source projects are pretty decent about repairing vulnerabilities in the code. If you noticed the date in that advisory, it was 2005, and that issue has been addressed. I'm just saying it's possible if the code doesn't parse the user input correctly, and that goes for any user input anywhere on a site.
CoffeeCup... Yeah, they are the best!
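To make the "doesn't parse the user input correctly" point concrete, here is an added example that is not from this thread and not SMF's own code. It shows the vulnerable pattern (the stored avatar URL concatenated straight into an `<img>` tag) next to a hardened version that only accepts absolute http(s) URLs and HTML-escapes the value before it is placed in the attribute. The function names, the fallback path `/avatars/default.png` and the sample URLs are all constructed for the illustration.

```python
import html
from urllib.parse import urlparse

# Constructed inputs (not taken from the thread): one legitimate remote
# avatar, two hostile strings a user might submit as an "avatar URL", and
# one URL that is valid http but carries an attribute-breaking quote.
SAMPLE_URLS = [
    "http://example.com/avatar.png",
    '"><script>alert(document.cookie)</script>',
    "javascript:alert(1)",
    'http://example.com/a"onerror="alert(1)',
]


def render_avatar_unsafe(url):
    """Vulnerable pattern: the user-supplied URL is dropped into the markup
    as-is. A double quote in the input closes the src attribute and the
    rest of the string becomes live HTML in every viewer's browser."""
    return '<img src="' + url + '" alt="avatar">'


def is_allowed_avatar_url(url):
    """Accept only absolute http(s) URLs with a host part, of sane length,
    and free of control characters. Anything else (javascript:, data:,
    bare markup, relative paths) is rejected."""
    if not isinstance(url, str) or len(url) > 255:
        return False
    if any(ord(c) < 0x20 for c in url):
        return False
    parts = urlparse(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_avatar_safe(url, fallback="/avatars/default.png"):
    """Hardened pattern: validate, then escape. Validation alone is not
    enough (a valid http URL can still contain a quote), and escaping
    alone is not enough (an escaped javascript: URL is still javascript:),
    so both steps are applied. The fallback path is an assumed local
    avatar, used when the stored value fails validation."""
    if not is_allowed_avatar_url(url):
        url = fallback
    return '<img src="%s" alt="avatar">' % html.escape(url, quote=True)


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print("input :", u)
        print("unsafe:", render_avatar_unsafe(u))
        print("safe  :", render_avatar_safe(u))
        print()
```

Note that this only checks the URL string the user stored; it says nothing about what the remote host actually serves back, which is the other reason some administrators allow only avatars hosted on their own server.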
Ambassador
1,707 posts

Tom wrote:
It's possible.


Wow! :o
Volunteering to help :)
http://www.tbaygeek.ca
My HTML play area
http://www.tbaygeek.ca/test/