
That is a fair attempt. The weak point of course is the bit of data which stores which image you chose. If the attacker is able to read that, then he can display the right image.


There are other problems.

1) If the attacker can scrape the screen, they can detect which image you are using - securing the entire pipeline to the screen is hard.

2) 10,000 images is way too few.

Even if we can assume an even distribution of images, as an attacker I can serve the same image to all targets; 1 in 10,000 will now think that they are interacting with a trusted component.



