Hi Craig,
While I am not 100% certain about the display issue being none or positioned off the page, I have read several books including the 2 PHP books from David Powers and a couple of CSS Mastery books and all of them suggested to use CSS to position them off the page rather than set the display to none. Perhaps, setting it to none, means it cannot get read at all by the bot because it won't be regular text and input inline with the actual form. So, I would probably recommend to position it off the page just to be sure; I know for a fact that it will then get picked up by the bot and probably filled in.
If you are still getting spam even through captcha... you may have a bot utilizing the script without even having to go through all the fields. One way to avoid this is to have the script on another page - so if captcha checks, it then moves to the process page. Personally, though, I would prefer to have the process right on the same page. To do this, you could not only run the checks on validation of the honeypot and captcha, but if they fail - add both a header redirect and the "end;" command to ensure that the script cannot be used in any way. I think if you put the end command in after your redirects, it will solve a lot of problems as the script will completely be killed at that point.
