Oh. You can imagine my confusion when I read this in an email promoting the new SA2 to me:
Ensure the data submitted though your forms meets your standards. Advanced server validations, including Captcha, are available to apply against the forms created in SecurityAssist, or any form you develop on your own.
It appears I can benefit from the new features in SA2 but bought it initially for the standalone captcha implementation. (I could return it under the 15 day guarantee but think I'll hang on to it for later projects).
I'll check out the Toolkit or redo my forms to be SA2 from the ground up. Meanwhile, there should be more careful copy editing on the e-blasts! :)
Thanks for the response.