I'm working on a rate limiter for my foocaptcha backend. During testing I DOS'd my server, so I think a rate limiter with authentication is appropriate.