So, it turns out that due to the way Google reCAPTCHA hooks into forms, it bypasses the standard HTML5 input field validation. Not cool.
After a lot of research, and trial and error, I've updated the demos to show how to integrate reCAPTCHA whilst ensuring that the input field validation is still triggered. It mans that integration requires a small amount of JavaScript, but it's still pretty straightforward and means that StaticForms can use reCAPTCHA to identify spam whilst you can be sure that your forms are populated correctly.