It seems that the logic to set attr_accessible/protected doesn't work with the strong_params gem.

If I comment out the line that sets :spam_answer and :spam_answers as attr_accessible in lib/acts_as_textcaptcha/textcaptcha.rb, my tests pass.

I haven't tested this with strong parameters in mind, I was really waiting for Rails 4 to be released before implementing any changes. I'll see if I can look into this further this week.

Just release acts_as_textcaptcha 3.0.7 with some small fix that should address this issue, let me know if you have anymore problems.