I’m not a great lover of Captchas. They’re messy and inconvenient, particularly if you only need a sign-up form. Third party captchas, such as those provided by Google only really serve the interests of Google, Whilst third party form processors add a layer of uncertainty - if the third party service is off-line, then so is the form in your site. What needs to be incorporated into Blocs is the ability to add hidden fields and the option of submitting the form to a script on a server of the users choice. This would enable the use of more sophisticated third-party scripts with spam detection built in. I must admit, however, that I’ve never had spam problems with Blocs forms. Any spam that does come in is usually due to a manual form-filler sitting at a computer, rather than a spam bot and that only inconveniences me. The worst thing that can happen with spam email is if your script gets compromised and gets used as a spam gateway to other people. This can result in your server IP getting black-listed, or even a denial of service. Given that Blocs doesn’t display your email address in the HTML of the page, it’s quite difficult for spam bots to harvest the address.
One thing that could be done to minimise issues such as this, particularly if legislation demands that you display an email on your site, is to use alias email addresses on your site that redirects to your real email. If a large amount of spam starts arriving, you can change the alias on your website and create a new one. This goes some way to preventing the inconvenience of having to delete and change live email address that you may use for other purposes.