CAPTCHA seems relatively pointless at stopping spammers since there are dozens of online services that use human labour to solve them for a dollar per thousand.
In tests on my own sites I've found that introducing reCAPTCHA during the registration process leads to a significant increase in people abandoning their registration when they fail at recognising the text the first time, without putting a significant dent in spammer registration at all. I've found it far more effective to do things like randomising form field names (instead of using names like 'username' and 'password') so the spammer has to scrape the site to figure out which fields he needs to submit for each and every account he registers, silently dumping registrations that don't use the correct field names, and then applying various heuristics to successful registrations to detect patterns common to spammers.
For instance, one particular spammer always seemed to use the same user agent string and didn't ever trigger any of the AJAX calls on the page. It was trivial to detect registrations coming from that one spammer and silently dump new accounts when he created them.
Randomizing the field names is a great idea but as you said they would just need to scrape the HTML each time they wanted to register. Have you considered sprinkling in random bits of markup to throw off the people using regex and other lazy parsing methods? That might make it a real pain to scrape your forms depending on how the spammer parses your page.
I still have 'username', 'email', and 'password' fields in the form but I hide those elements with CSS, which no scraper is going to bother parsing. When the registration form is submitted the account is essentially hellbanned, they can 'activate' the account via the normal email confirmation process but anything they post disappears into the ether.
I'm catching about 100 spam accounts a day with this technique[1] and the ones that I miss are fairly easy to detect through analysis once they start using their account.
What happens if someone uses something like LastPass, RoboForm, or any of the other automatic form fillers to legitimately sign up for your website? I would imagine that these would "guess" that username means username and email means email, which may lead to false positives for real users.
One way to avoid this issue might be to plop a hidden input box on the page if this input has text in it when it's submitted, you silently drop the registration.
In tests on my own sites I've found that introducing reCAPTCHA during the registration process leads to a significant increase in people abandoning their registration when they fail at recognising the text the first time, without putting a significant dent in spammer registration at all. I've found it far more effective to do things like randomising form field names (instead of using names like 'username' and 'password') so the spammer has to scrape the site to figure out which fields he needs to submit for each and every account he registers, silently dumping registrations that don't use the correct field names, and then applying various heuristics to successful registrations to detect patterns common to spammers.
For instance, one particular spammer always seemed to use the same user agent string and didn't ever trigger any of the AJAX calls on the page. It was trivial to detect registrations coming from that one spammer and silently dump new accounts when he created them.