Did Rep. Weiner’s Lewd Twitter Photo Come Through a Yfrog Security Hole?

By Brenna Ehrlich

The photo in question featured a (clothed) crotch shot of an unidentified man that was sent to Twitter via Yfrog. The congressman has denied that he posted the photo -- blaming hackers -- but has not outright denied that it was his picture.

The Daily Dot recently pointed out that Yfrog users had the option to email a custom address in order to post pictures to Yfrog and Twitter. You could email that address from any email account, with no verification process.

So, let's say Weiner's posting address was [email protected]. If Weiner emailed a photo to that address from his government account, it would be posted to Twitter. If I emailed that address from my own account, any photo I sent would be posted on his stream as well. All a "hacker" needs to know is that [email protected] address.

All those addresses follow the same format: Twitterusername.[ ]@yfrog.com, and that blank space was always filled with a random word, five to six characters long, generated by Yfrog. So it wouldn't be that hard to fill in the blanks.

According to The Daily Dot, after it reached out to Yfrog for comment, the service disabled the email-to-post option. We've reached out to Yfrog for comment ourselves.

Of course, this supposed security hole could have nothing to do with Weiner's predicament. Weiner recently stated that his office is conducting an internal investigation using an outside firm to look into the origin of the pic, so we'll just have to wait and see what emerges from that.
