E_Cloaker (available free from www.CodeFoot.com
hosted on FQ) and tools like it will slow down a great many of the harvesting programs -- but yes, some of the more sophisticated ones will read through unicoded addresses. Few take the trouble, though, as the additional parsing load starts to add up.
I *do* like that Flash approach mentioned above -- I don't think much of anything can read through that!
Ultimately, though, we've found the best approach is not to put email addresses anywhere on the site, but instead use scripted mail forms.
Still, nothing stops *all* of the spam, as addresses are gotten or created via many other means than just raiding your site.
Some of the harvesters I've seen, for instance, parse WhoIs to get admin, tech, and billing addresses. Others automatically send copies to support@ and webmaster@ (etc.) at every domain.