A user can already choose to reduce their account security, by reusing passwords, choosing common passwords, not using 2fa, etc. Allowing a user to choose to not have to complete a CAPTCHA before a login attempt, or allowing the user to choose to not require their account to have a phone number in case of suspicious logins, is reasonable, and would make many people who care about their privacy respect Discord much more.