We have found that in all the places we have used WebAssist email, forms and or insert behaviors Bots have now found ways to exploit them. I don't have anything by anecdotal proof, which is out of 50+ websites we dev and manage, the 23 that have the WA email are being hammered by the form bots.
CAPTCHA, Honeypots, and simple JS checking is rendered meaningless by the bots. Unless Web Assist can come with the an answer, the only course of action is to replace the Web Assist forms/email/error checking. We have replaced the code on about half the sites and the bots have been held at bay for a over a week. (they were hitting the form 50 times a day).
I don't post this to be harsh to WA, just honestly looking for a solution outside of removing WA code.