* (bug 14154) Captcha domain whitelist regexes now anchored, fixing spammable hole