What's the word on the street?

Many people are using script in an attempt to hide email addresses from email harvesters.
These are the 2 common approaches:

1. Use a a doc.write statement directly into the page, while loading..

document.write( printEmail('name','url') )

2. Have the onclick event handler call a function that either -

a) assigns an email: protocol address to the (previously empty) href of the link.

<a href="" onclick="setAddress(this,'name','address')" >

b) sets the window.location to the email: address.

<a href="" onclick="setLocation('name','address')" >

I suspect that wily email-harvesting gremlins have got wise to approach #1, after all, it's hardly a secret anymore. Is there anything to stop them simply loading and rendering the document, including script insertions, then scanning that?

In other words, is #1 largely pointless these days?

Is #2 a reasonable protection at the moment - as it requires an interactive action before the address becomes part of the DOM?