There are protections against replay attacks within mCaptcha: tokens are single use also have a lifetime beyond which they are invalid.
Disclosure: author of mCaptcha