Which is not a security issue per se, is it? If the goal of the project is to self-host it and share it with family, then keeping the EXIF may be a feature.