A password field it the best CAPTCHA to use for login forms. Since the spambots don't have an account (assuming that you use a decent CAPTCHA on your registration form and not one of those stupid almost obsolete image CAPTCHAs) they will not know of a password that is valid for any account to enter in to gain access.
Members only forms don't need a CAPTCHA because spambots will never be members.
So of the forms you list the only ones that need a CAPTCHA are the registration and login forms and all login forms already have the best possible CAPTCHA (provided that you have appropriate processing in place to prevent spambots from trying to guess passwords - a ten second lock after a wrong password or attempt to enter a password while locked would mean that if the spambot doesn't guess right on the first try and doesn't have at least a ten second delay built in between guesses that it will never get in, and if it does have the delay built in it will average many years between successful guesses).
For the registration form the ideal would be a CAPTCHA that is not visible - such as testing the time from when the form is first displayed to when it is submitted. To allow for real people managing to fill out the form too quickly by using a tool to fill out the form you could redisplay the form with a different CAPTCHA (such as a simple math calculation CAPTCHA) if the form fails the invisible CAPTCHA.
Any other forms available for anyone to fill out will probably need some form of CAPTCHA.
With forms you need to monitor the amnount of spam that gets through and when it becomes significant then you replace the current CAPTCHA with a more effective one.