CSRF protection is auto-added to each form by a combination of in-place Genshi template modification and read-back on POST request, and I know this has been added very early, fixed version in Trac 0.10.2 release to be clear.
You'll need to use XMLRPC protocol (see XMLRPC plugin) or read the hidden form token yourself.