Image management works effectively the same way as file management behind the scenes. The primary exception is that there is no ability to secure draft image content by default.
When an image is uploaded, it is automatically on the web server and visible. Without this visibility it would not be possible for contributors to preview the image.
The "visibility" of the image is obviously restricted to those who know the exact URL of the image and is not something that is likely to find its way to the general public without linking the image in an approved content item.