Currently building a SaaS, as i understand it it's a tradeoff between user growth and security, but from what ive seen, not enforcing authenticating allows a high volume of bot users/disposable accounts? Is this true? What is the best practice here?