A CAPTCHA is only going to be broken if:
1. It's a common kind of CAPTCHA which is installed on so many sites that someone will put the effort into breaking it
2. It's a very high-value target site, such as gmail or yahoo
In practice for most sites, where neither of the above two applies, nobody will bother breaking it.
If your site looks 99% identical to a zillion others, then your CAPTCHA probably will too (unless you make some custom mods) - so it will be able to get broken.
When I've had bot problems I've typically put in some very lame bot-finding stuff such as adding bot-fodder fields (sometimes hidden ones) to a form - with excellent results.
Truly automated attacks (i.e. ones with NO human input at all) don't get past anything that's at all different from what they've been trained on.
I guess this is the right place for it.
Right now the only effective attack against RECaptcha (that I know about, at least) is captcha farming. AFAIK you won't see farming attacks against anything less than a major site.
I saw the JS OCR code not too long ago as well. From what I have seen most of the ones that have been defeated lately are attacked by flaws in the code behind them letting a user bypass them and not so much an OCR attack like they used to be. Oh the evolution of spam, people need something better to do :-P