When exposing anonymous SmartForms to the internet or on a corporate website, there is currently no built-in way to prevent malicious bots from submitting the form and potentially creating millions of illegitimate entries.

Adding a custom CAPTCHA type implementation before the form loads is not sufficiently effective seeing that once a malicious user gets passed the CAPTCHA prompt it would allow them to see all the SmartForm requests that can be used by a bot to submit the form automatically.

A built in CAPTCHA type control and integration would be best - The idea is that it would allow a solution designer to select their preferred CAPTCHA provider (google reCAPTCHA etc) and then group rules/actions that requires a successful CAPTCHA challenge which is also validated server side when server side executions like SmartObjects and Process Start actions occur.