Discord is a product, not a protocol, so it should be in their best interest to communicate the extent to which a third party application might misuse their data. This is the case with the new scopes that require ID verification now, backed by the promise that Discord will sue you if you break their conditions of using the data provided to you.

This has some other unfortunate side effects (user tokens can't be used for bots, third party clients are a risk), but unfortunately the only way to really curtail this behavior. Privacy is not something easily understood, especially for people outside tech that just want to be around their friends during the pandemic, do not be blind for this. Technology can't be the sole component of solving this issue, so I'm glad Discord is committed to legally perusing those that misuse their API.

> have realized that the term "bot" is being used in a very nonstandard manner.

For some additional context, Discord bots aren't that far off from IRC bots.

You invite a bot to your server, you give the permissions and channel access you want it to have, and it receives various events over the web gateway such as "Message Received" of which the bot developer can use to build elaborate command systems and various other features.

Prior to the must-be-verified limit of 100 guilds, Discord had a serious issue with scam bots that would mass-message users promising free bitcoin or "insert free thing here", and usually one the "steps" was adding the bot to an additional guild. This resulted in the bot quickly cascading past 100 guilds within a matter of hours before Discord support had even noticed the problem.

Once joined to the additional guild, it would scrape as much of the server content as it could and usually dump it on some sort of "discord user tracker" platform.

On top of preventing joins past 100 guilds, verification is also required for some sensitive capabilities such as querying the entire member list.