Of course the vandals are finding their way round captchas through the use of better image recognition technology, hence the increasingly illegible text, and by the use of minimum-wage humans somewhere in a cold warehouse deciphering the damn things all day.
Despite that captchas are still quite effective which is why they appear on almost all major sites. They have one huge advantage: there is no need for prior information about you. They are a guard that can precede registration or fit nicely into a casual process such as commenting.
Ever tried logging into Facebook from a new or recently-cleaned computer? It feels like you're challenged by the triple heads of kerberos: password, captcha, then the ultimate test: identifying people in your and your friends photos. A brilliant mechanism but it relies on having access to names and faces ruling it out for the vast majority of systems.
Secret questions are good too, as long as you know what they are. One e-commerce site I used once and wanted to use again challenged me to to give it my secret answer - without telling me the secret question. And of course I have no idea which of a range of questions I used!
Sadly we are faced with a need for something like captchas to protect against the invading spamming hordes and that's going to be a pain for the foreseeable future. Blending of mobile with web potentially gives systems the ability to validate identity on the other channel, but that requires disclosure of information and doesn't work on mobile alone. Identity management is an interesting area and one with a lot of scope for growth, especially in the consumer space.