Cool! Glad to see this isn’t a widespread problem. 
I did just have a closer look and can confirm that on my site, the discourse hcaptcha enabled site setting is not selected by default which is correct. The plugin is not enabled by default on our hosting (or at least on the starter plan I just tested). However, when you enable the plugin, the discourse hcaptcha enabled setting is enabled already.
So this does seem to be a case where site owners can shoot themselves in the foot accidentally and without any warning in the admin interface. If you enable the plugin and then enable discourse hcaptcha enabled, but don’t provide the keys (or provide incorrect keys), no warning is shown in the interface. There is also no guidance on how to get an hCaptcha account.
Instead, an error is shown on the signup form and it’s impossibel to sign up.
