In this case thats probably fine. It does remind me of a time when a bitcoin keygen site was declared safe because it didn't make any network requests. Only to find out later that it had a malicious random number generator that generated predictable keys.

In this case its possible that the site encodes the data back in to the image but that seems unlikely.