I'm sorry but I feel this issue needs it's own thread.
Initially I was very miffed that my old avatar had been casually thrown away and replaced by an image of a grinning idiot.
Then I baulked at the idea that gravatar can track people all over the net. I was however willing to ignore that.
I did block gravatar at this end, not for security but just to get rid of all those ugly auto generated images on the page.
Now I find stories like this:
In 2013, folks reversed the MD5 hashes of email addresses in a data dump to recover 45% of email addresses at a large forum
, by exploiting this weakness in Gravatar (the ability to reverse MD5 hashes of email addresses). This is more evidence that email addresses can be recovered despite the use of the hash.
Now, this may pose a small risk, and things may have been tightened up since then. But really why expose yourself needlessly. And especially sinc ethe results are so ugly on the page anyway.