Just throwing it out there: what about server farm resistant or bot net resistant?
We are aware of that but it's difficult to truly achieve it. You can't just implement some IP restrictions and think it's done. There is much more about this to do. It's a point for later. First of all we want to get the hash function CPU 'friendly'. Any other 'restrictions' will be included after that.