We're using an SMF plugin that checks all registrations against
a database of known spammers. So far, only one has slipped, and reports for him started flowing in today (one coming from me).
Before that, when we had to approve everyone manually, I tended to err on the side of not accidentally denying a legitimate member, so I let some of them slip - but we got rid of them asap. That said, I checked all accounts with 0 posts against this database and found no confirmed spambots. We shouldn't remove people's accounts just because they didn't decide to post. That'd be a dick move.
If we get a confirmed spambot that slips through the filter, we'll take care of them accordingly and make sure they get added to the DB, for the benefit of this site, and all others that use stopforumspam.com