I've been meaning to implement a stronger security system on my site to prevent bots from poking at the comment submission form. There's not a real need yet, since I haven't had any problems since I implemented the current security system. However, it's a very weak security system against more sophisticated bots, and if my site ever makes it big, I'll want a way to avoid any problems. I've got a few thoughts on how to make that happen, and we should see some kind of change in the next week or so.

Related -- I went ahead and implemented a javascript validator to make sure that the form doesn't even submit if the security code isn't properly entered. Previously, the form would happily submit and then dump the data if the security code didn't match the value on the server. Not good if you typed in a long comment, only to have the server toss out the data.