Through the Public API, removing a User object with an empty (no value) Image attribute will trigger a recursive delete on the installation root.
1. Removing the User triggers a delete operation on all its attributes,
2. The Image attribute will trigger a file-system delete on its stored image data
3. LocalFileService::remove will receive a blank string "" from the ImageStore::deleteFieldData method
4. LocalFileService::remove will in turn use LocalFileService::getFullPath to turn that into an absolute path, relative to the installation root. This absolute path, since it's being built out of <installation root> + <nothing>, is simply an absolute path to the installation root.
5. Since the $recursive argument is true, this will cause a recursive delete on the entire installation root .