Ill see if I can put some limits in there, it is possible to determine the image size before trying to manipulate it (
getimagesize).
You blame users, I blame PHP coders.
I blame both, users should know better in this day and age, the image that was uploaded could have been no more then 1000px wide and still be completely legible, and those that do know this and still upload huge dimension images are just lazy. SMF preventing this kind of upload is preventing users from doing dumb things they should know better about in the first place.
SMF programmers should have put a width/height limit to uploaded images, but with the million other things that have to be considered during design, little things like this easily get overlooked and later fixed. And I wouldn't be so fast to blame PHP coders... this in reality is a minor issue in comparison with the issues that come out of other languages such as bufferover/under flows in C/C++, and improperly implemented security (ie, PS3 rand function). Remember that SMF is free open source software with pretty much no funding, if a company like Sony with millions of dollars can't get their flagship product's security correct the first time around, what chance does the average Joe in their spare time have?