JCaptcha always generates the same sound file. That is, for example, the number 3408 always gives a .wav sound file which is exactly the same sound. So it is trivial to map the entire range of possible captcha sounds, and thus the attacker does not need to "listen" to the file, just a script that downloads the sound file, checks its hash and finds what number is associated with that hash. So automated attacks to bypass the captcha are trivial...
Unknown
I think you are right. It will be fixed in the next release.
Has this issue been fixed?
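A regression check for the behaviour reported at the top of this thread, added here as an example (it is not JCaptcha code and not from any participant). The two tone renderers are constructed stand-ins for a speech engine, and every function name is hypothetical; the check itself only needs a callable that returns the audio bytes for an answer.

```python
import hashlib, io, math, secrets, struct, wave

RATE = 8000  # samples per second for the constructed test audio

def _wav(samples):
    """Pack 16-bit mono PCM samples into an in-memory .wav file."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(RATE)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))
    return buf.getvalue()

def _tone(digit, gain, noise, rng):
    """One 0.1 s tone per digit; stands in for a spoken digit."""
    freq = 300 + 40 * int(digit)
    return [int(gain * math.sin(2 * math.pi * freq * n / RATE))
            + (rng.randint(-noise, noise) if noise else 0)
            for n in range(RATE // 10)]

def render_fixed(answer):
    """Reported behaviour: the output depends only on the answer."""
    out = []
    for d in answer:
        out += _tone(d, 8000, 0, None)
    return _wav(out)

def render_randomized(answer):
    """Per-response variation: random gaps, gain and background noise."""
    rng = secrets.SystemRandom()
    out = []
    for d in answer:
        out += [0] * rng.randint(100, 800)            # random pause
        out += _tone(d, rng.randint(6000, 9000), 300, rng)
    return _wav(out)

def is_replayable(render, answer, rounds=5):
    """True if the same answer ever yields byte-identical audio."""
    digests = {hashlib.sha256(render(answer)).hexdigest()
               for _ in range(rounds)}
    return len(digests) < rounds

if __name__ == "__main__":
    for name, fn in (("fixed", render_fixed), ("randomized", render_randomized)):
        print(name, "replayable:", is_replayable(fn, "3408"))
```

Distinct bytes per response are the minimum bar: they defeat a hash lookup table, but not matching on the audio content itself, so single-use challenges and attempt limits are still needed alongside.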