I don't know your experience. Once I was toying around and doing a basic auth with registration and so. The weekend was over and couldn't get back to that couple of months. The worker was quarantined and marked as phishing automatically. So I believe they have something in place to prevent those you complain.

Your anecdote just illustrates that their system detects legit uses as abuses, not that they have a system that effectively detects abuses.

But it is not that they have nothing. It was my laziness that I could not setup dev prod env's. When you develop on preview, I don't think they will do much.