It didn't "break", they improved it. From the change log:
Improved security for mfunc, now disabled by default and requires security string in order to execute
And in the FAQ:
How do I implement page fragment caching?
First you need to define W3TC_DYNAMIC_SECURITY in your wp-config.php file.
define('W3TC_DYNAMIC_SECURITY', 'somesecurestring');
Edit your templates with the following syntax to ensure that dynamic features remain so. Replace with content of the constant:
Example 1:
<!-- mfunc {the W3TC_DYNAMIC_SECURITY string} any PHP code --><!-- /mfunc {the W3TC_DYNAMIC_SECURITY string} -->
Example 2:
<!-- mfunc {the W3TC_DYNAMIC_SECURITY string} -->any PHP code<!-- /mfunc {the W3TC_DYNAMIC_SECURITY string} -->
Example 3:
<!--MFUNC {the W3TC_DYNAMIC_SECURITY string} -->
echo rand();
<!--/mfunc {the W3TC_DYNAMIC_SECURITY string} -->
(etc....)
Be aware that WordPress functions will not be available.
Following the instructions above worked for me.