Well, right now it's not smarter smarter, it's sock-drawer smarter. It does exactly what I want it to do. It takes its configuration directives via a config file rather than hidden fields. It uses MonkeyMath to defeat the evil Spam Barons. It only stores keys to temporary files in cookies, rather than actual tamper-with-able data. It manages and cleans up its own temporary files. It uses separate fail and success redirect destinations. It passes error data to other scripts via cookie-stored filename keys. Only one problem: it's a rat's nest. The entire codebase needs to be cleaned up and standardized. It was written in a day, and it shows.
The main thing I'd like to do is split the entire thing up into functions so that no naked code exists in the script itself other than code to check if it's being called (say a query-string of "activate" or something else trivial), which would allow it to be included, and thus to pass on some of its temp-file magic to forms using it. Particularly, I'd like to be able to use readTempFile() from inside a contact form so that it could take take care of cleanup on its own.
The other major improvement is standardization and abstraction of its bot-checking code. Right now, it integrates fairly inextricably with my monkeyNumbers script to perform human-operator checking. What I'd like to do is a single interface function which would accept two user-provided strings (presumably their answer and a string identifying their session) and return either 0 for "this is a human" or some error string which can then be added to the error queue. This way it should be relatively trivial to write tiny adapters to other bot-checking schemes.
You can see it in action at the contact form. It's got everything I could wish for, except saleability. Once it's beautified, I'll release it into the wild wood of open source software.