But it does not. It reduces it to 1 request per second, at least, per core, per machine that the attacker control. A single attacker can still send millions of requests per hour at very low cost, limited only by compute resources, which is what CAPTCHA is supposed to work around (by challenging the human not the machine).

Downthread, emurlin has done the calculation for the actual cost of the deterrent and how bad it is compared to CAPTCHA: https://news.ycombinator.com/item?id=37056504