Re: CAPTCHAs can FOAD.
I have a home-brew captcha on a not very important page that asks you to solve a fairly simple subset-sum problem and rejects you if the answer comes too quickly.
Come to think of it, for most of our purposes (not a commercially interesting target), I could probably just require that the form submission is more than 5 seconds after the page request, with no security feature at all.
Biting the hand that feeds IT
