Absolutely any plugin can be cirumvented by humans. The thing is to avoid the ones that can be circumvented by computers, I mean, automatically. Complex captchas can not be solved by computers. They do need humans around. This of course, include the infamous reCaptcha that seems to be uncrackable.
The thing is that even if they're uncrackable and require human input, it is possible to automate everything else, such as clicking on the fields in the form. That way you can build a system designed only to allow users from all over the world to input text in images and send the answer (usually correct) to the system that can distribute those solved captchas to any paying client.
Now, this has been applied to reCaptcha because it is profitable. Too many sites have that great security system (including the default Q2A installation), so doing everything that is possible to automate the input of that captcha is worth the effort.
So what can be done? Go for an alternative that is NOT profitable to spend the automation money on. That means any lesser known security system should be enough to avoid the massive human cracking. However, that lesser known security system should be good enough so that it is not possible to automate either.
The only plugin that fulfills those two requirements seems to be this extremely underated one: https://github.com/KrzysztofKielce/q2a-captcha-antibot
I've asked a few people to test it and to send feedback... nobody did. I have to assume it worked because if it hadn't they would have already complained :)
Can you please test it for a while and let me know if it works?