When $wgAllowImageTag is enabled, sysadmins and sysops should be able to manage what values for 'src' are permitted.
It believe $wgAllowImageTag should respect $wgAllowExternalImagesFrom & $wgEnableImageWhitelist.
IMO it should also respect $wgAllowImageTag . However if $wgAllowImageTag also used $wgAllowExternalImages , there is a small semantic change to the variable $wgAllowImageTag . e.g. a wiki might want <img src="..."> but does not want raw image links in the wikitext to be rendered as inline images.