Board: Bitcoin Discussion
Topic: Re: Recent Court docs show Silk Road and DPR were sunk by a leaky login CAPTCHA
Post by ForgottenPassword on 07/09/2014, 00:29:07 UTC
I don't think Captcha is ever locally generated, otherwise it would be very easy to "crack" the captcha as someone could just run a script to figure out what the correct text should be.

I am interested to see if this explanation will be accepted by the defense and the court.

There are plenty of implementations for locally generating captchas (cool-php-captcha is a popular one). Bitcointalk uses the stock SMF one. They are obviously easier to crack than something like reCAPTCHA, but they do provide some kind of protection. Most Tor hidden services use them; it's generally a bad idea to include external elements on a hidden service, and most captcha services use JavaScript too, which is problematic with TBB.

It's a very plausible explanation. In fact, according to the FBI, Ross had written in his logs that on a number of occasions he had found/introduced similar IP leaks on SR and the SR forums and had to move servers a couple of times, and the alleged dates of these incidents seem to coincide with downtime of SR and SR forums.

On top of that, it looks like Christopher Tarbell was on this case. He has made a name for himself having taken down many high-profile cybercriminals, in fact even for similar mistakes such as this: Sabu (LulzSec hacker) was caught by Tarbell because he leaked his IP when connecting to an IRC chatroom.

I'm not sure why they kept the method of discovery of the server secret until now, though. I'm still not entirely convinced Ross is DPR either; their evidence on this end is HIGHLY circumstantial IMO.