I’m generally annoyed by the precautions designers take against shoulder surfing (Windows WEP key entry, anyone?), but this is clearly a mistake:

Really, there’s no need to protect a CAPTCHA from shoulder surfing.

This post is tagged