Any registration fee needs to balance spam and attack-reduction benefits with potential downsides.
For example, the higher the fee, the higher the cost to legitimate recipients.
This is especially the case for newer projects that have yet to receive much funding. Such projects by definition have less budget to spend on acquiring new funds, AND face significant uncertainty about the amount of support they are likely to receive from a given clr.fund. As a result, such projects may be quite sensitive to the size of the registration fee.
This would not necessarily be a problem if the important projects already exist and are well-known, but one of the key value propositions of a large QF protocol is discovering new projects that are nonetheless valuable to a meaningful contingent of the Ethereum network.
Potential mitigation
Somebody (perhaps the clr.fund dev team) could run a recipient project each round with the express purpose of refunding the registration fee for new or lower-funded recipients who that team judges to be legitimate (not spam or part of an attack). This judgement could begin as a centralized decision (e.g. recipients can apply to the operator to get their fee refunded) and potentially evolve into a more distributed mechanism.