the problem is with this line here
elseif (!trim($security_code)) {
echo "<p>Please go back and enter the correct security code</p><p><a href='javascript: history.go(-1)'>Click here to go back</a>.</p>";
}
its only checking if it has a value. you need to put something in here like
&& ($security_code == $the_security_generated_number)
however i cant see where that value is that should be comparing it to i think its in here
includes/captcha.php
i have never used captcha before so sorry i couldnt b more help i would guess you have to send the security number you enter along with the actual number but your form only seems to pass the number you entered (although if you did pass both then some carefull sql injection could get around it :s) so . . . i guess you have to read it form the includes/captcha.php file (but then the number will change) sorry i cant be more help mate