hmm, this is an interesting hack, but i assume it sends to the same email for every failed attempt
this could reveal to that email the password of one of the mods, who just accidentally misspelled their USERNAME on the login panel.
i dunno, but mods might not enjoy this, and this might be an idea: if a submitted username matches an existing username, then the email of that username is the one who receives the email

that way the user in question knows they were the one targeted. (and perhaps the 'main' email getting the truly perhaps random attempt notices)
edit: hmm, although that wouldn't fix the whole misspelled name + correct password thing hmm...
truly a touchy subject :-p
edit: furthermore, this can't check if a login attempt worked, but wasn't that user (fully understandable), so this could actually serve to further give out your password :-/