I know it's not ideal, but I fully understand the whole situation. Let's focus on making Mbin better for the existing users who are now experiencing CSRF or log-out problems. Hopefully after that, we can focus on improving anti-spam (since hcaptcha is not preventing any spam accounts for some unknown reason).