Few points here.
- We use ajax based validation which does not require user to enter anything. There is some sophisticated logic behind that.
As for captche internal logic there are two options.
- Do not use session cookies for captcha validation, this allows to have instance on one domain and embed code in n+1 domain without any issues. This is the default captcha logic.
In general I recommend to use second option if you have chat installed on the same domain and use the first one if you have installed chat on different domain.