In my opinion, the main problem is that the interface doesn't make it abundantly clear that you're generating and sharing an unauthenticated link to the photo.
Compare this with OneDrive/Office 365, where all the language around this functionality is explicitly about links ("Get a link", "share a link", as opposed to "share with this user"), and the UI prompts that appear are very explicit about what the link does ("Anyone with the link will be able to edit the file", "Anyone in this organization with the link will be able to view the file").
I agree that office has a nice granularity there, but the UI is not very good. People don't understand that they have to share a specific link to a document and they can't just copy & paste the address of the page they are seeing ... Link shared -> "don't have permission" -> sender replies confused that the link works for him is an exchange I have seen way too many times.
Compare this with OneDrive/Office 365, where all the language around this functionality is explicitly about links ("Get a link", "share a link", as opposed to "share with this user"), and the UI prompts that appear are very explicit about what the link does ("Anyone with the link will be able to edit the file", "Anyone in this organization with the link will be able to view the file").