According to this recent article at Washingtonpost.com, a few months ago, a woman uploaded some pictures of her children skinny-dipping, along with about 50 other photos, to the online photo site Flickr. The woman was careful to mark those pictures of her children as "private". However, a couple of weeks ago she noticed that the private pictures had been viewed thousands of times, while the other photos only had about 20 hits.
Different photo-sharing websites have different policies regarding the privacy of photos. Flickr, for example, automatically designates all online photos as public unless otherwise specified. Other sites such as Shutterfly and Snapfish keep photos private unless the user indicates that they can be shared.
It turns out strangers can access a photo- whether public or private- if they have the full URL. Figuring out the exact URL, which usually contains random numbers and letters, is difficult but not impossible.