
Update ConfirmEdit for IP masking
Closed, Resolved · Public

Description

Required changes identified in the review on T327570:

  • Temp users have the same CAPTCHA requirements as normal users. This might allow bypassing CAPTCHA for actions that require it if it's possible to create a temp user account by performing some action that doesn't require it, so it should probably be changed to use the same requirements as logged out users, unless specified otherwise in the config.
  • Some throttle for login attempts treats logged in and logged out users differently, not sure what should be done there.

Event Timeline

While ConfirmEdit is nominally owned by the Editing team, this is a historical accident that resulted from us adding CAPTCHA support to VisualEditor back in the day, and no one on the team (including myself) has any experience with the rest of it. I'm still going to work on this, but I'll try to get someone from the MediaWiki Platform team to review the changes.

> Some throttle for login attempts treats logged in and logged out users differently, not sure what should be done there.

It turns out that nothing needs to be done about this. There are actually unrelated throttles for login attempts from an IP address (but not related to IP users in any way) and login attempts using a given username (so not relevant to temp users, since they can't log in).

This took me a few hours to work out, so I improved documentation: https://www.mediawiki.org/w/index.php?title=Extension:ConfirmEdit&diff=6079039 and the code: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/ConfirmEdit/+/952023 so that maybe the next person will find it easier.

> Temp users have the same CAPTCHA requirements as normal users. This might allow bypassing CAPTCHA for actions that require it if it's possible to create a temp user account by performing some action that doesn't require it, so it should probably be changed to use the same requirements as logged out users, unless specified otherwise in the config.

This has been resolved in rMWdd2f898f86ee: Add temporary users to a 'temp' group, and stop adding them to 'user'.

I've asked folks from MediaWiki-Platform-Team to double-check, but I think this task is done.
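
The effect of moving temp users from 'user' to 'temp' on CAPTCHA requirements, as an added example that is not part of the task and is not ConfirmEdit or MediaWiki code. It is a simplified model of group-based rights; the sample configuration, in which a wiki grants ConfirmEdit's `skipcaptcha` right to 'user', and all function names are assumptions.

```python
# Simplified model of group-based rights resolution (not MediaWiki's code).
# Constructed sample config: a wiki that lets registered users skip CAPTCHAs.
GROUP_PERMISSIONS = {
    "*": {"edit": True, "skipcaptcha": False},
    "user": {"skipcaptcha": True},
    "temp": {},  # nothing granted beyond "*"
    "sysop": {"skipcaptcha": True},
}


def implicit_groups(kind, temp_in_user_group):
    """Implicit groups for an 'anon', 'temp' or 'named' account.

    temp_in_user_group=True models the state the task describes;
    False models the state after temp users got their own 'temp' group.
    """
    if kind == "anon":
        return ["*"]
    if kind == "named":
        return ["*", "user"]
    if kind == "temp":
        return ["*", "user"] if temp_in_user_group else ["*", "temp"]
    raise ValueError(f"unknown account kind: {kind}")


def has_right(groups, right, config):
    # A right is held if any one of the account's groups grants it.
    return any(config.get(g, {}).get(right, False) for g in groups)


def needs_captcha(kind, temp_in_user_group, config=GROUP_PERMISSIONS):
    groups = implicit_groups(kind, temp_in_user_group)
    return not has_right(groups, "skipcaptcha", config)


def captcha_matrix(config=GROUP_PERMISSIONS):
    """CAPTCHA requirement per account kind, before and after the change."""
    return {
        label: {k: needs_captcha(k, flag, config)
                for k in ("anon", "temp", "named")}
        for label, flag in (("before", True), ("after", False))
    }


if __name__ == "__main__":
    for label, row in captcha_matrix().items():
        print(label, row)
```

Granting `skipcaptcha` to 'temp' in the configuration restores the exemption on purpose, which corresponds to the "unless specified otherwise in the config" case in the description.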