`/register`: only captcha to obtain ids?
Google CAPTCHA is good to ensure a human use the app.
But it's not a really secured authentication process.
It can be cracked by "Mechanical Turk" API. (ie. 2CAPTCHA)
(and, on client side, the usage of web view is potentially dangerous for runtime security)