You can allow users to upload images, the risks of allowing that are low but risks do exist so you should decide carefully. For example there have been in the past vulnerabilities in operating system processing of .png images for example and when that was a vulnerability it was possible to craft a malicious .png file. That said, the risks are relatively low for a fully patched system.
Under Administration > Permissions you will find "Roles than can browse and upload but only in a user specific folder"
you could either create a new role to allow some users to upload images, or you could allow "Authenticated Users" which is a role assigned automatically to all users who register on the site.
Users in the allowed roles will see an image toolbar item when they post in the forums, allowing them to upload images and post them.
The forum filtering by default allows local images with relative urls, so granting the user upload permissions should be sufficient to allow them to post images in the forums.
It is also possible to allow any image from any url including external urls, by adding this in user.config:
<add key="Forum:AllowExternalImages" value="true" />
Note that changes in user.config are not automatically detected so to make it see the new settign you need to make a small edit in Web.config ie type a space and save it.