A server update took our Scripto install offline briefly a week ago, and that somehow resulted in spammers creating accounts and pages on the MediaWiki install directly (not going through Scripto). We’ve got Scripto running again, but the spam keeps coming.
I haven’t tested any MediaWiki extension for compatibility with Scripto, but I suspect that requiring a CAPTCHA will break login. The other recommendations for combating spam shouldn’t affect Scripto.
If the Omeka and MediaWiki installations are on the same server, maybe you could make MediaWiki totally inaccessible to anything but that server. You’d need to discuss this with your systems admin.