Thank you! I tried adding a user agent to the CURLOPT_AGENT but that was unsuccessful.
This was Marketo's response when we brought the issue up with them:
We do not support the method in which these Marketo servers resources are being called. After a further review of these cURL commands & responses, I've found that it appears your teams developers have attempted to reverse engineer our embedded forms API & have scraped various URLs in an attempt to access Marketo server resources in a custom way. The URL that your team is trying to access is a private URL that will only process requests for Marketo servers, this is why you will not see it in any of our developer documentation as a possible way to access Marketo form data. These CloudFlare captcha requirements are our servers essentially letting your team know this is not a valid way to access those resources.
Given that, rather than hashing this out on the Nation message me and I'll share the workaround.