Currently, the maintenance/cleanupImages.php script will happily move files to names that would not be permitted for new uploads. Most glaringly, the current implementation of ImageCleanup::buildSafeTitle() may deliberately insert backslashes into file names, even though wfBaseName(), as called from UploadBase::getTitle() via wfStripIllegalFilenameChars(), explicitly says that "we don't want \s in our [...] paths".
Version: 1.24rc
Severity: enhancement