Auth captcha not implemented for sensitive operations

CAPTCHA challenges are not implemented for sensitive public-facing operations like user registration or login pages, especially after failed attempts. This makes these forms more susceptible to automated bot activity, such as credential stuffing or spam account creation.