The current mfunc solution needs to be rethought.
We have a plugin that dynamically adds some meta data to a customers page, and to get this code to work with W3 Total Cache we use 'mfunc' to properly not cache the meta code injection.
However with the latest fix, we can no longer make use of this, without requiring Wordpress Site owners to *hand* edit their wp-config.php
That solutions is somewhat cumbersome for developers with shell access. It's pretty much impossible for anyone outside of that mold.
So I'd like to propose a fix:
Instead of requiring the secure string to be entered into wp-config.php you instead make it part of the W3 Total Cache plugin settings page. Then any 3rd party plugin that wants to work with W3 Total Cache's fragment caching support, can surface an option to enter the same secure string as part of their plugin settings.
Thus, you still get the same protection--having the site owner explicitly grant access to mfunc, but don't require them to have access to their wordpress install folders.
In lieu of this solution (or something that allows similar ease of configuration), our recommendation will be to have our customers choose a different caching plugin.