As an experiment, I created 1000 users automatically with long text for the username, website, interests, email, etc. I also inserted meta info for them (so, 1000 new user rows, 4000 new meta rows.) I checked the size of the Data_length and Index_length in MySQL.
With 5 users, I had this:
bbpress_users Data_length: 524 bytes
bbpress_users Index_length: 3072 bytes
bbpress_usermeta Data_length: 708 bytes
bbpress_usermeta Index_length: 5120 bytes
With 1005 users, I had this:
bbpress_users Data_length: 384,524 bytes
bbpress_users Index_length: 142,336 bytes
bbpress_usermeta Data_length: 280,708 bytes
bbpress_usermeta Index_length: 146,432 bytes
So, 1000 additional fake user registrations used about 1MB of disk space. In reality, the data I used for the fake registrations is far longer than any spam registration I’ve ever gotten. In fact, the average row length for bbpress_users went from 107 bytes to 382 bytes since the fake data I used was so ridiculously long. The bbpress_usermeta didn’t go up as much: from an average row length of 52 bytes to 69 bytes.
Bottom line: 1000 spam registrations, if they actually did occur, would not hurt anything at all. To prevent those registrations in the first place though, I would use Akismet and the “enhanced registration” plugin. Then you don’t need to worry about the registrations at all.