I'd like to see a couple of things...
1. A Captcha on the login page. Would stop bots from trying to brute force passwords.
2. An "account lock" put in place, after X ammount of un-succuessful login attempts the account is locked and the user is emailed with an unlock link with the text similar to:
There has been X failed login attempts on [your login name] at [our community name], we highly advise that you update your password. Please click here to unlock your account.
3. A log entry generated after an account is locked due to a brute force, with the "bad users" ip address logged to the file so the admin can choose to ban it or whatnot...