This is not a valid fix. Disabling a security feature just because that's the easiest way to make something work is not a good idea.
Of course there are no checks if you put the image directly into the content directory. But that's like if you'd edit the WordPress database. There can't be any protection here.
As far as I can tell, not a lot of users actually host their Kirby sites on Windows servers in production.