I have edited the profile tpl files and removed the section for uploading image profiles; but I am not sure if such susceptibility exists in other journal pages (the ability to upload an image in public folder whether from website interface or other methods and then get the exact path).
I have some pictures and logos on homepage content which is set from TinyMCE in settings page so I don’t want to disable it. instead, I deleted bio and changed affiliation to textbox field. I completely mutilated the profile page 