If I did use mailto links, I would escape some of the characters in both the anchor tag itself and in the text. There may be some bots that can still grab the address, but I think it prevents at least some harvesting.
What I'm really surprised about is why more webmasters don't speak about the basic unuseability and annoyance factor of mailto links. Just guessing, I think that a rather large percentage of internet users only use web-based email. Most likely, the one they get from their ISP. Even geeks, I would think, use both a client and web-based mail with multiple addresses. I know that I don't like it when a link with unclear anchor text suddenly opens my email client. It's annoying.
Just curious, what would a captcha have to do with preventing email harvesting from a secure contact form? I assume a secure form means that there are no email addresses in the html code, among other things.
I'm also wondering why the OP has an email address as a forum name?