This setting is way too low by default if you are using Discourse in a large organisation.
One of our clients hit the limit within days of launch, 3 users is way too low.
I completely missed this setting (we have a closed forum, users are moderated after signup, so I completely skipped the “Spam” part of the settings) when setting up. I only found out by chance, when someone reported via our support-desk.
I suggest to up this to something higher (e.g. 25) by default, if spam turns out to be a problem, users will find this setting and can consciously set it lower.