This extension actually works as designed. Replacement is not really an option for server side variables. This was taken from a client side javascript behavior that replaced the value in the text field before submission. Since the server code acts after submission, the values can't actually be replaced.
It is a bit confusing that it is displayed in the server UI, but that is because they both access the same libraries.
I don't think you really want to do a replacement anyway do you? If you wanted to prevent someone from entering 12345 in a telephone field, then what would you want to replace it with? If it finds the value it will fail validation, but replacing isn't really relevant for your use case it doesn't seem.
Why not use regular expression, or phone number validation? Or use the restrict content validation without replace values? It should still fail the validation.
Perhaps I'm missing something. Please describe the exact functionality you are trying to achieve and I can try to help you achieve it.
The validation you are trying to use was originally called swearing validation. It's purpose was to replace bad words with random characters for forums. I don't think it really makes sense for phone numbers?