Could, but when it comes to handling errors in the frontend, I find it is easier for the discriminator to be the actual status code when possible, rather than needing multiple additional properties.
Surely "when possible" should be "when semantically correct"?
I don't hate fun (see the threads on removing 418 from Node and Go for that), but misusing a joke status code in production to mean something completely unrelated seems less like fun and more like poor design.
There is no status code for captcha failures, so I don't think using 418 for that is "misuse".
By design, our API routes which utilize a challenge should not be consumed by others either, so even if using 418 somehow broke someone's attempted usage, that sounds like a feature not a bug.