CAPTCHA is ineffective in keeping spambots out. Replace CAPTCHA with reCAPTCHA. It is more accessible and better at keeping bots out than ordinary CAPTCHAs.
I instead think that WMF should develop a better (preferred standalone) CAPTCHA service which can be used by Wikimedia sites, external MediaWiki sites and tools hosted in Cloud VPS and Toolforge (currently some tools uses reCAPTCHA which is not consistent with T133919).
I assume, that you ask, that Wikimedia wikis should use reCaptcha, right? I remove the ConfirmEdit tag, as ConfirmEdit already supports the reCaptcha service, and it just has to be included in the configuration (instead of using another CAPTCHA module), so there's nothing to do in the ConfirmEdit extension :)
As someone who has locked thousands of spambots, and continue to do so, any help in stopping the registration of that crap would certainly help. I can understand however the privacy concerns on using an external service like Google reCaptcha.