The new rate limits are imposed on the Management API, not the Authentication API.
From the Management API docs:
"…the Auth0 Management API, which is meant to be used by back-end servers or trusted parties performing administrative tasks. Generally speaking, anything that can be done through the Auth0 dashboard (and more) can also be done through this API.

"This API is separate from the publicly accessible Auth0 Authentication API, which is meant to be used by front-ends and untrusted parties."
In short, when users sign up to your application using Lock or Auth0.js, these calls are made to the Authentication API, which will continue behaving as usual.