Linked issue #1934482: Add an option to disable recursive imagecache preset path because even the fix was published two weeks ago, I can't see any discussion on that issue.
The itok token introduced in 7.20 prevents many sites from upgrading and causes many problem. Why not eliminate it and replace with two things:
- A no recursive option: I think it is much better than the 'image_allow_insecure_derivatives' variable because 1/ we care security 2/ no reason to have urls like example.com/sites/default/files/styles/thumbnail/public/styles/thumbnail/public/image.jpg
- A threshold to limit the concurrent image derivate generation request.
The drawback is you can have image derivates generated by hacker that you'll never use. But given that they are limited, who cares?
