Since 3.2.06, an aditional security check was added, that makes sure that the current user can actually read the post or page the form is embedded into.

If you place the shortcode outside the Post content (for example into a template), make sure to disable advanced security in the embedded forms settings.