The code to init CAPTCHA for guest posting is currently before the posting auth check, also no posting auth is checked there, thus CAPTCHA data is being generated by guest sessions regardless of the guest posting auth setting.

That may lead to unreasonable raising of CONFIRM_TABLE sometimes even when guests have no auth to post messages.