Whenever a file is linked to with a size specification, e.g. [[File:test.png|thumb|123px]], a new thumbnail is generated in that particular size, and saved to the disk. This is generally a good thing, because it minimises the amount of data the clients need to download without losing quality at that display size. However, this is also an avenue for denial of service - someone could create many links to different images with non-standard sizes, intentionally or unintentionally, and therefore overload computational (temporarily) and storage resources on the server.
Therefore, I propose an option which would either limit the number of stored/generated thumbnails or limit their sizes to a particular set (e.g. powers of two) - however, this should not come at a loss of functionality. Whenever an image link requests a size which can't be generated, for whatever reason, either the next-largest or the next-smallest image is sent, with relevant CSS styles to resize it in the browser. The decision between next-largest and next-smallest would be governed by a user-preferences option which would default to 25% i.e. send the smaller image if the larger image is at least 75% larger than the target size (this should probably use the thumbnail area for comparisons rather than the width, if it's not a major performance hit).
This proposal is especially important for public deployments with large amounts of (especially non-technical) users and/or tight limits on disk space.