We have noticed something similar. The issue related to this seems to be for us that members added to the SPAM group can still PM our moderators. Is there a way to stop that? I don't see any way of controlling the permissions of Spam Members separately.
Based on this suggestion I made the following changes to the core.php file for my 3.1.2 install. The idea being that if the user has an Avatar image set, but not a Photo then it will use the avatar image. If neither is set it should use the default image. I haven't fully tested it yet, but it seems to be working on the profile pages, but not in the 'Member' list.
at line 8053 in /sources/base/core.php. Change:
$member['pp_main_photo'] = ipsRegistry::$settings['img_url'] . '/profile/default_large.png';
On a somewhat related topic, do you simply have the ability to password protect a directory based on a members group? What I would like to do is use IP.Subscription to set up paid membership groups and then use that login to allow or disallow access to some various kinds of content. It could include RSS feeds, downloads, etc. I didn't know if maybe combining IP.Content, IP.Download, IP.Subscription was required or not.