1. Most bots do not go through the effort to processing javascript on a browser page because it requires more (way more) memory and processing cpu time per connection. They generally will find a form and then use a looping script to insert data into the form to overload or saturate the backend. The goal is usually an SQL injection or buffer overrun to gain access to the backend or or denial of service attack to prevent visitors from using the service.
2. So by moving a honeypot field into javascript, you will be able to prevent form spammers who won't take the time to attack using these methods. To add a layer of complexity, you could use javascript to add and additional hidden field to the form dynamically and process its value.
A honeypot/honeytrap is a well-used security term used to describe a method of trapping and preventing security holes. I am preverting the term slightly for this case in trapping spammers.
Methodology:
create a custom field in Marketo, it really doesn't matter the type but using a number makes it easy
write some javascript for the page with the form, my preferred library is to use jquery, that will
add a hidden input using your honeypot fieldname to your form with a default value, such as zero (0)
hook (bind) the visible input fields using the onBlur or onChange events in javascript to then update the value of the honeypot field to one (1)
upon form submit, build a receiving campaign in Marketo to check if the honeypot field is not 1 then the lead is most likely a spammer and you could then delete it, quarantine it to a list or whatever else you deem appropriate. There are a select few internet crazies who don't run javascript on their browsers and unless you are in the security or software development markets you shouldn't have to worry about this.
OnBlur event is a javascript event trigger that fires when the field currently highlighted moves (or loses focus) to the next one.
.png)