actually that idea is great for webstuffs.. the browser seems to have no problems interpreting <img src="image.cgi">

right .. cause it's the mime-type that matters, not the extension ..

Won't this cause any freakies , i mean, doesn't that attract unwated attention to what i'm doing? If this is a sensitive site, for example.

Well, your concern was that if there was a behind-the-scenes handler for image.png that a future maintainer wouldn't realize it. That aside, if you think that naming it "image.png" vs "image.cgi" is going to protect you, you're relying on security-through-obfuscation and that's a Bad Thing (TM). Either you trust that your script is secure or you don't (and since there's no user input here, shouldn't be that hard to secure it... might want to worry about throttling though) ..