Okay, I've written up some rate-limiting code for the API. Will drop it in tomorrow I think. It will automatically ban sources for 15 minutes if they send a flood of requests (more than 100/minute). That way you can experiment without risking getting locked out for hours or days.
There's a WinHttpRequest script on lunarmani.com hitting us up to half a million times per day, so that one will need some work too.