Hallelujah! That worked for me!
@kokoschka - It looks like you're still leaving out the security_string part of the <!-- mfunc --> deal.
Here's what worked for me:
Added this line of code to the wp-config.php file in the root of the wordpress installation:
define('W3TC_DYNAMIC_SECURITY', 'mysecretcode');
Then used this code where I wanted the PHP to be run un-cached:
<!-- mfunc mysecretcode -->
echo 'testing php execution';
x = 10;
echo x;
whatever php code you want
<!-- /mfunc mysecretcode -->Remember, the <!-- mfunc --> comments actually REPLACE the <?php ?> tags. Kokoschka appears to be including the <?php ?> tags within the <!-- mfunc --> tags which is not how it works.