#mapkycacute, although my experience of comment spam/login attacks is that they're almost always curl scripts that enumerate the form and then post directly to the form action, so they don't load any resources (and so won't load their fancy .js stuff). Nice idea, but I think it needs more work...
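The behaviour described in the comment above (a client posts to the form action without ever loading the page's resources) can be checked for in web server logs. The following is an added example, not part of the original comment: the combined log format, the `/contact/submit` path, the 30-minute window and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2024:10:00:01 +0000] "GET /contact HTTP/1.1" 200 5120 "-" "curl/8.4.0"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "POST /contact/submit HTTP/1.1" 200 310 "-" "curl/8.4.0"
203.0.113.20 - - [12/Mar/2024:10:01:00 +0000] "GET /contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2024:10:01:00 +0000] "GET /static/form.js HTTP/1.1" 200 900 "/contact" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2024:10:01:01 +0000] "GET /static/site.css HTTP/1.1" 200 700 "/contact" "Mozilla/5.0"
203.0.113.20 - - [12/Mar/2024:10:01:40 +0000] "POST /contact/submit HTTP/1.1" 200 310 "/contact" "Mozilla/5.0"
192.0.2.55 - - [12/Mar/2024:10:02:10 +0000] "POST /contact/submit HTTP/1.1" 200 310 "-" "python-requests/2.31"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ASSET_RE = re.compile(r'\.(?:js|css|png|jpe?g|gif|svg|ico|woff2?)(?:\?|$)')

def parse(line):
    """Return (ip, timestamp, method, path) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, path

def flag_assetless_posts(log_text, form_action, window=timedelta(minutes=30)):
    """Return [(ip, iso_timestamp)] for POSTs to form_action from a client
    that fetched no static asset in the preceding window."""
    asset_times = defaultdict(list)  # ip -> times it loaded a static asset
    flagged = []
    for line in log_text.splitlines():  # log lines are assumed time-ordered
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method == "GET" and ASSET_RE.search(path):
            asset_times[ip].append(ts)
        elif method == "POST" and path.split("?")[0] == form_action:
            if not any(timedelta(0) <= ts - t <= window for t in asset_times[ip]):
                flagged.append((ip, ts.isoformat()))
    return flagged

if __name__ == "__main__":
    for ip, when in flag_assetless_posts(SAMPLE_LOG, "/contact/submit"):
        print(f"{when} {ip} posted to the form without loading any page resources")
```

Browsers with cached assets and several users behind one IP address will blur this signal, so it works better as one input to scoring than as a hard block.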