Are reCAPTCHAs less secure than other CAPTCHAs that use random characters instead of words?
Because we ask users to enter two words instead of one, we can increase the security of reCAPTCHA against programs that attempt to guess the words using a dictionary. Whenever an IP address fails one reCAPTCHA, we can show them more distorted words, and give them challenges for which we know both words. The probability of randomly guessing both words correctly would be less than one in ten million.