Rcently my blog was compromised. The attacker changed my password via the admin panel after gaining access. I recived the 'Password Lost/Changed' email notifying me of his action.
It would have been helpful if the email sent after the password being reset contained the IP address of the person doing so.
I tried to do this myself however don't think it has worked.
In file /wp-includes/pluggable.php:1144
$message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n" . "IP: " . $_SERVER['REMOTE_ADDR'];