Yes, this is a little dangerous, but manageable if you are careful. And AFAIK you can make the whole directory available.
You need to create a directory that can contain accessible web pages. Your chrome.manifest looks something like this:
content your-add-on chrome/skin/web/ contentaccessible=yes
Put your image in a directory chrome/skin/web/and it will be available, and it will be available as follows:
<img src="chrome://your-add-on/content/installed.png"/>