Theoretically, as long as filenames are unique there is no technical reason why you need to add such a randomized string. However, I suspect those strings are there for privacy concerns.
Imagine if your filenames were simply the photo's unique ID. A bot could systematically scan your entire site getting all the photos simply by incrementing by one. If your users are uploading photos but they don't want everyone to be able to see them (such as with Facebook or private photos in Flickr) then this is a very insecure system. Adding this random string helps hide user's content from unauthorized access by making links harder to guess. This is vaguely addressed by the "How Secure is ImageShack?" question on ImageShack's FAQ.
The combination of unique identifier + randomized element
means both easy calculation of unique IDs (increment the identifier by 1) and easy addition of a random element (generate a string and append it to the ID). Much more efficient than computing a completely random but still unique identifier.
Technically, a fully random filename would be more secure but even the addition of only three alphanumeric characters (a-zA-Z0-9
), a la ImageShack, means that for each unique photo ID the filename could be one of any 52*52*52 = 238382
possibly filenames. All of a sudden, anyone scanning your site to find user's photos isn't having much luck.