In Kayako SupportSuite 4 "Fusion", the administrator panel is set up such that login failures are logged to the system. I personally think that this is useful and can be used to lock down things. On a side note, can we change the filename of admin.php, and still retain its full functionality? Actually, this could be extended to log other failures as well, such as system (software-XF) and PHP issues caused by the software. Might be useful in debugging.