1) What are the main considerations in building this with PHP/MySQL?
Image files (except for bitmaps) are generally already pretty well compressed, so you probably won't gain much, if anything, byte-wise by zipping it. Memory usage may be an issue, depending on how you do the zipping (via PHP built-in functions or calling command line functions via shell_exec() or whatever).
2) Are there any security risks in allowing users to the site to create ZIP files on the fly?
Probably not, as long as you put in safeguards to make sure they can only access image files from the appropriate directories.
3) Do the ZIP files have to be stored on the server first before downloading? If so, does that mean the user needs WRITE access??!
Possibly not, if the PHP zip functions let you write to any type of stream, in which case they could write directly to the output stream.
4) Some of the files can be 20MB+ in size so collectivly a ZIP file could be hundreds of MB in size - is this an issue at all?
The bigger the data, the more memory/disk space it will use, the more time it will take to process, and the longer it will take to send it across the interwebs.
