it seems to be relatively simple to brute-force, because the used set is small compared to possible keyboard letters. but for most real world scenarios it should work, if there are only spammers who don't investigate and just ignore it. thus maybe not for high-traffic sites.
The biggest problem is people take the capta image and put it on an other website (free porn or what have you). That way you always have humans solving your captch but you can still spam.