I think this issue applies if you allow users to post without requiring registration/login (which I don't). But in that case, there are multiple calls to this function (please search for that function name).
For example in question-view.php, here are the calls:
$a_view['buttons_form_hidden']=array('code' => qa_get_form_security_code('buttons-'.$answerid), 'qa_click' => '');
'code' => qa_get_form_security_code('answer-'.$question['postid']),
$prefix.'code' => qa_get_form_security_code('comment-'.$parent['postid']),
So regex has to be written to make those calls, and replace those values.
It is a lot work doing this for every page. I would limit caching to question page, which is probably the most important/heaviest load.
This can be done, but is a lot of work.