Here's a snipped of what my comments.php file looks like (Presentation... Theme Editor... Comments):

<label for="author"><small>Name <?php if ($req) echo "(required)"; ?></small></label></p>
<p><input type="text" name="email" id="email" value="<?php echo $comment_author_email; ?>" size="22" tabindex="2" />
<label for="email"><small>Mail (will not be published) <?php if ($req) echo "(required)"; ?></small></label></p>

<p><input type="text" name="url" id="url" value="<?php echo $comment_author_url; ?>" size="22" tabindex="3" />
<label for="url"><small>Website</small></label></p>
<?php do_action('secure_image', $post->ID); ?>


The important part, of course, is this:
<?php do_action('secure_image', $post->ID); ?>

Then, in my plugin file, I have this setting:

// Set this to TRUE if you will be editing your comments file (add this php line wherever you want the anti-spam image inserted in the comments.php file: do_action('secure_image', $post->ID); )
// Set this to FALSE if you want to use the default Javascript positioning
$cas_manualinsert = true;