The point is that blossom, using standard /upload API, does not allow for any manipulation of the media at all. If image is huge and has bunch of exif data in it, it will remain as uploaded. If client has a bug, or Android/iOS changes an api or something, the image will be exposed to potential leakage of metadata. Server could check and refuse, but I know that only nostr.build has it now for no_transform uploads using API (or account page). Some other servers may have it implemented too, but I don’t know of any.