Please add an option to allow users to decide whether the security is on or off. When the account name matches the user who disabled the security option, don't ask for the captcha. It breaks 3rd party uploading softwares. There are too many restrictions on web upload and FTP upload. With web upload, I cannot just add hundreds of files and go sleep. With FTP upload, it's too slow and simultaneous connections are limited, and it takes extra time to get links from the file manager.
Not all users use the same account & password on various websites (Crackers usually create phishing websites or crack websites and add backdoors on login pages to collect usernames & passwords. And they use the list to steal accounts all over Internet. Hence you could see they stole accounts without any failures or just 1 ~ 2 failures). The new security improvement only can prevent users from fully automatic cracking. When users have sufficient knowledge and tools to avoid such circumstance, you should give them more convenient options. If it's too hard to implement (although I don't think so), at least you should let us add static IP addresses to the whitelist. In addition, the two-step authentication is the true solution to improve the security. It also won't bother a machine anymore once it ever logged on an account successfully. Your current reCAPTCHA mechanism just need a redirection to the crackers' user interface. They can hire someone to select right soultions manually and user accounts are still stolen in a lesser efficient way. The "improvement" just retards the cracking work a little. It doesn't help much, but bothers uploaders a lot.
It only took me 10 seconds to schedule my upload jobs and I could go sleep, and it only took me 1 second to get all download links when I waked up. Now it becomes more than 30 minutes. It's too hard to work with you in such way.