
What if there are 65535 active send requests? Perhaps of which 65534 are opened by an attacker?



The attacker still just gets 1 guess per wormhole / send request. Each send-request / wormhole is its own separate thing.


I'm still unclear on a couple of things. How do you even know which send request the attacker attempted to attack if only the codeword identifies the send request, and the codeword was wrong? Also, what stops an attacker from trying again - alternatively, what stops an attacker from doing a denial-of-service by purposefully guessing the wrong codeword?


The codes have a small number in front; these are the requests. So if the server did allow 65k requests, each one would be a different number. You can guess once per request.

Yes, an attacker can denial-of-service by guessing once on all the (possible) requests. There is some work towards stopping this sort of behavior (see e.g. https://github.com/warner/magic-wormhole/issues/126)


Thanks for the explanation!


Probably all "slots" would be "occupied" and everybody gets the attacker's sent file, iiuc.


Or the attacker only needs to monitor the last free slot to see what shows up?


Seems to work both ways. Receive random file from unknown people or send chosen file to unknown people?

EDIT: was just explained in other comment by meejah, thanks! (https://news.ycombinator.com/item?id=14649727#14650551)
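A toy model of the one-guess-per-request rule discussed in this thread, as an added example that is not part of the thread or of magic-wormhole's code. The `Rendezvous` class, its method names and the four-word list are constructed for illustration. Checking the words in one place is a simplifying assumption and does not describe how the project verifies a code.

```python
import hmac
import secrets

WORDS = ["alpha", "bravo", "cedar", "delta"]  # constructed toy wordlist


class Rendezvous:
    """Toy model: every open request has its own number and allows one guess."""

    def __init__(self):
        self._open = {}  # request number -> secret words for that request
        self._next = 1

    def open_request(self):
        """Sender side: allocate a number and return the code 'N-word-word'."""
        number = self._next
        self._next += 1
        words = "-".join(secrets.choice(WORDS) for _ in range(2))
        self._open[number] = words
        return f"{number}-{words}"

    def claim(self, code):
        """Receiver side: True or False for a guess against an open request,
        None if the number is malformed, unknown, or already used up."""
        number_text, _, words = code.partition("-")
        if not (number_text.isascii() and number_text.isdigit()):
            return None
        # pop() makes the request single use: right or wrong, it is gone.
        expected = self._open.pop(int(number_text), None)
        if expected is None:
            return None
        return hmac.compare_digest(expected.encode(), words.encode())


if __name__ == "__main__":
    server = Rendezvous()
    first, second = server.open_request(), server.open_request()
    print(server.claim("1-not-right"))  # wrong guess against request 1
    print(server.claim(first))          # request 1 is now used up
    print(server.claim(second))         # request 2 is unaffected
```

The wrong guess against request 1 also shuts out the real receiver of request 1, which is the denial-of-service case raised above, while request 2 still completes.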



