Thanks for the offer to maintain the integration, although at this stage we're going to leave it in the sandbox. The rationale for this is that the prior < 2.0.0 releases required the end user to manually compile code in order to use the integration, and as such we do not believe many (if any) users would have actually deployed the integration. Removing it therefore probably does not represent a loss to the majority of users. More fundamentally, Captcha integration with Spring Security is an ambiguous requirement. The prior integration simply required human user verification if certain request frequencies were met. Instead, most Captcha usage is embedded within a page (eg a lost password page) and therefore becomes more of an issue of designing the view/controller correctly. Such usage is out of scope for Spring Security, as it's a web framework consideration. Additionally, the recent popularity of reCAPTCHA means any integration would need to be sufficiently generalised that it accommodates both, and for us to also address reCAPTCHA integration would represent additional time and effort.
We have not a final decision to permanently leave the Captcha integration in the sandbox nor promote nor remove it. It simply requires some more consideration and design, and at this stage we need to focus on completing the namespace improvements and documentation of the many new capabilities in 2.0.