A CAPTCHA is only going to be broken if:

1. It's a common kind of CAPTCHA which is installed on so many sites that someone will put the effort into breaking it
2. It's a very high-value target site, such as gmail or yahoo

In practice for most sites, where neither of the above two applies, nobody will bother breaking it.

If your site looks 99% identical to a zillion others, then your CAPTCHA probably will too (unless you make some custom mods) - so it will be able to get broken.

When I've had bot problems I've typically put in some very lame bot-finding stuff such as adding bot-fodder fields (sometimes hidden ones) to a form - with excellent results.

Truly automated attacks (i.e. ones with NO human input at all) don't get past anything that's at all different from what they've been trained on.

Slarty