Is there any reason to include the remote ip when using reCaptcha?

Because there could be a DNS/hosts reroute in place to allow the captcha to be parsed differently by a malicious user

One possible scenario is farming cheap labour to manually solve captchas and then submit them back with the form. Since reCAPTCHA will only serve the image once, this is the lazy way to farm this out (redirect the requested image elsewhere).

If the IP address which requests the image is different to the IP address that requests the page then this would indicate this style of attack.


In some cases in the past, Google has refused requests without the remote ip. Later, they would take any string, including a blank string. Now it seems optional. I imagine they are asking for the IP to help with security both for your purposes, and to help prevent abuse of the API. The current docs mark it as optional, so feel free to omit it if you'd like.

https://developers.google.com/recaptcha/docs/verify

Here is a Google Groups post from 2010, where Recaptcha support implies that the remoteip may someday become mandatory:

https://groups.google.com/forum/#!topic/recaptcha/Q83LJKz4biA

Doesn't seem like it has happened, but it looks like they were considering making it mandatory at one time, and didn't go through with it. That's pure speculation on my part.


There is another reason - a lot of internal networks use recaptcha too - like on WiFi hotspots, and things like that.

In these circumstances, Google sees both the user's and the server's IP as the same, since they share the same connection. Giving Google the user's local IP allows the risk-assessment machine to do a better job of tracking individuals who are brute-forcing the picture selection, which otherwise would blacklist ALL users.

<tinfoil> Also Google wants your data but can't always justify why </tinfoil>
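The second answer points at the siteverify endpoint and its optional `remoteip` field, and the third explains why the value only helps when it is the end user's address rather than a shared proxy or NAT address. The following is an added example, not code from any of the answers or from Google: a server-side verification helper that forwards the client IP (taken from X-Forwarded-For only when the direct peer is one of our own proxies), sends the documented `secret`, `response` and `remoteip` fields, and binds the token to the expected `hostname` in the reply. The HTTP transport is injectable; the `ConstructedTransport` class is a test double that returns constructed replies so the logic runs offline. The `trusted_proxies` list, the addresses and the secret value are assumptions.

```python
"""reCAPTCHA server-side verification with remoteip (added example, not from the answers).

Assumes the documented siteverify endpoint and fields (secret, response, remoteip)
and the documented reply fields (success, hostname, error-codes).
"""
import ipaddress
import json
import urllib.parse
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, Mapping, Optional, Sequence

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def client_ip(remote_addr: str, headers: Mapping[str, str],
              trusted_proxies: Sequence[str] = ()) -> str:
    """Choose the address to forward as remoteip.

    X-Forwarded-For is honoured only when the direct peer is one of our own
    proxies (assumed list); otherwise any client could write an arbitrary address
    into it. The chain is walked from the right, skipping trusted proxies, and the
    first other address is the end user's. A malformed hop falls back to the peer.
    """
    trusted = {ipaddress.ip_address(p) for p in trusted_proxies}
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()] + [remote_addr]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break
        if addr not in trusted:
            return str(addr)
    return remote_addr


@dataclass
class VerifyResult:
    ok: bool
    hostname: Optional[str] = None
    error_codes: Sequence[str] = field(default_factory=list)


def build_verify_body(secret: str, token: str, remote_ip: Optional[str]) -> dict:
    """Form fields for siteverify; remoteip is optional and omitted when unknown."""
    body = {"secret": secret, "response": token}
    if remote_ip:
        ipaddress.ip_address(remote_ip)  # reject a malformed value before sending it
        body["remoteip"] = remote_ip
    return body


def http_post(url: str, body: Mapping[str, str]) -> str:
    """Default transport: form-encoded POST returning the response text."""
    data = urllib.parse.urlencode(body).encode()
    with urllib.request.urlopen(url, data=data, timeout=10) as resp:
        return resp.read().decode("utf-8")


class ConstructedTransport:
    """Test double: records the posted body and returns a constructed reply."""

    def __init__(self, reply: dict):
        self.reply = reply
        self.last_body: dict = {}

    def __call__(self, url: str, body: Mapping[str, str]) -> str:
        self.last_body = dict(body)
        return json.dumps(self.reply)


def verify_captcha(secret: str, token: str, remote_ip: Optional[str],
                   expected_hostname: str,
                   transport: Callable[[str, Mapping[str, str]], str] = http_post) -> VerifyResult:
    """Verify a token and bind it to the site it was solved on.

    `success` alone is not enough: the reply's `hostname` must match the site we
    serve, otherwise a token solved on another domain using the same site key would
    be accepted. Error codes are returned for logging rather than exposed to users.
    """
    if not token:
        return VerifyResult(False, error_codes=["missing-input-response"])
    try:
        raw = transport(SITEVERIFY_URL, build_verify_body(secret, token, remote_ip))
        reply = json.loads(raw)
    except (ValueError, OSError) as exc:  # bad IP, bad JSON, or network failure
        return VerifyResult(False, error_codes=[f"verification-error: {exc}"])
    errors = list(reply.get("error-codes", []))
    hostname = reply.get("hostname")
    success = bool(reply.get("success"))
    if success and hostname != expected_hostname:
        errors.append("hostname-mismatch")
    return VerifyResult(success and hostname == expected_hostname, hostname, errors)


if __name__ == "__main__":
    # Offline demo with a constructed reply; a real deployment passes http_post.
    peer, hdrs = "10.0.0.5", {"X-Forwarded-For": "198.51.100.9, 10.0.0.5"}
    ip = client_ip(peer, hdrs, trusted_proxies=["10.0.0.5"])
    t = ConstructedTransport({"success": True, "hostname": "example.org"})
    print(verify_captcha("SECRET-PLACEHOLDER", "token", ip, "example.org", t), t.last_body)
```

In production the call is `verify_captcha(secret, form["g-recaptcha-response"], client_ip(...), "your.host")` with the default transport; the point of `client_ip` is that, as the third answer notes, reporting the proxy's address instead of the user's gives Google nothing to distinguish one user behind a shared connection from the others.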

Tags: ip, captcha