You can limit it a lot to minimize the abuse. In free entrypoint, set token and context limits to be very small. Limit to 2 prompts per IP or something every X hour. That is already a substantial limit where bypassing might not provide much benefits.

Residential proxies are too prevalent for IP address limits to work effectively.

Is there some public research that how often, for example, people download malware that allows this?

You can use cookies to track usage history