Make something amazing, for anyone, at DrupalCon. Standard prices end on August 26.
The captcha.install still ships captcha_update_1 and captcha_update_2 which are unable to work on Drupal 7 due to their use of old functions. They also contain code which looks like an sql injection because they don't use db placeholders. There is not a sql injection, but it would be nice for code cleanliness and to reduce confusion with automated scanners (like coder module) to remove these.