Well ... whatever. I still say, let's see some rigorous proof here. Like in n-bit encryption, you can determine the computational resources (and their cost) required to break a particular n-bit code. Thus someone who wants to protect information of some monetary value has a good deal of assurance that the encryption method can survive an attack of a certain cost. Right now, all that's coming out are claims, largely based on Google's internal notion of what is considered "invalid".
However, I should point out that as a system that's designed to filter out some noise from web traffic, it's certainly worthy of discussion. That is not the same as assertion of correctness. Also, I'll just point out here that if they'd deployed this five years ago, when AdWords CPC was rolled out, with proper warnings about click fraud and other causes of ad account depletion, they would have been under far less scrutiny than they are now. Reasonable people will accept that systems have limitations, and that some fraud may not be detected. OTOH, people are much more unhappy about being kept in the dark, offered only platitudes about how the situation is under control.
Anyway, I may not be writing on this topic much more in the future. Hopefully, my recent forays into mobile computing will bear some fruit.