Where can CAPTCHAs be used?

[swaldman]

For reasons of testing, I'd like to discover everywhere that DW uses or can use CAPTCHAs. This includes not just the places that they are used on the live site, but places that they *could* be used by turning them on (since other sites using the code might do this).

So far I have a slightly cryptic list taken from the end of config.pl, which is

• create (account creation)
• lostinfo (forgotten password)
• validate_openid (any ideas? Is this if we're providing an openid to another site?)
• support_submit_anon (guessing at support requests without a logged-in user)
• anonpost
• authpost
• comment_html_anon
• comment_html_auth

The last four seem obvious, but also seem to duplicate some journal-specific settings... perhaps they're overrides, or perhaps the settings have been superceded... but my main question is, can you think of any other places that CAPTCHAs appear, beyond those listed?

Thanks :-)