Nothing really stopping somebody automating the creation of those either when you're up against people with ridiculous amounts of cost-free (read, botnet) resources to spam with. The Bitcoin reddit gets flooded with spam on an almost minutely basis despite reddits heavy rate limiting and captchas.

I agree a lot of this becomes cat and mouse game but rate limiting is necessary for the health of their system if not to counter same basic spam prevention. Ideally you want to remove the incentive to spam, which in this case is figuring out emails that have registered coin base accounts that could later be phished.