PSA: Yes, apps can access and upload your Camera Roll too (but that's nothing new)
For a long time now, Apps have been able to access your Camera Roll as long as you give the app permission to access your location. The reason it needs that permission is that there may be geolocation (GPS) date included in your photos, and Apple protects that. Once you grant the location permission, however, the app has unfettered access to your photos and can do pretty much anything it wants with them, including great things like applying filters, doing edits, and sharing via social services. That's how all the popular photography apps work.
It's a non-intuitive, and frankly a little confusing way to handle Camera Roll access, but it shows Apple has thus far focused on protecting location data more than other type of data, including your photos. That means, yes, theoretically, a fake, malicious app could be created just to trick you into giving them location permission, and then they could steal your photos.
But that could happen with all sorts of content, with all sorts of malicious apps.
So is it worth pointing out? Absolutely. Is it worth sensationalizing? No, of course not.
This issue with the Camera Roll has been widely known for years. It's not new. It's just timely given the recent brouhaha over iOS apps uploading Contact information without permission. (Which was also widely known before the latest outcry.)
Apple has indicated they'll be adding Contact permission settings in a future update of iOS, perhaps even iOS 5.1 expected to be released next month alongside the iPad 3. However, there's a greater issue concerning iOS and privacy, and the manageability of privacy options that Apple still needs to address.
So, while nothing new and a tad sensational, it's good that these issues are getting attention, and that privacy is considered something platform makers like Apple need to keep in mind. Hopefully the renewed attention leads to better privacy protections for everyone.