As an added concern, the way SMF handles attachments is hilariously broken from a security standpoint. It's on my list of things to fix, but perhaps just disabling it is a better way to go.
I agree that it hardly ever gets used for anything other than old memes posted by school kids. But I also see Jeppspace's point about PDFs and other documents (though, again, mild cybersecurity concern since pdf and docx files are common attack vectors). We could just stop accepting *image* attachments.
Another possible approach would be to restrict privileges for low post-counts. Members with, say, less than 50 posts could belong to a special member group that disallows them from doing most abusable stuff.
Obviously, these three approaches solve three different problems, but personally I think the post count based restrictions might be best for us, combined with continued work to make attachments less terrible.