I am seeing this same error after upgrading to WordPress 2.3.2, but only on my production server, not on my localhost machine.
After some investigation, the actual problem has something to do with the PHP _POST variable, which is one of the variables that allows access of HTTP data from Apache in PHP. Even though normal page requests show up in the Apache log as HTTP GET's (as they should), on these requests the PHP _POST variable is set as if the request was actually an HTTP POST (which is what is used to submit a form, such as a username / password form). So to WordPress when you load wp-login.php for the first time it looks like you already had it loaded and then clicked submit with an empty username and password.
I have not figured out a resolution for the problem, but it is much more than a superficial aesthetic issue, so merely removing the lines from wp-login.php is not actually a fix.
I'm not sure how many problems this issue causes, but they are not just limited wp-login.php. I do know that the new Canonical Pretty URL rewriting in 2.3 checks requests for their type and does not attempt to rewrite URL requests that come in an HTTP POST. Since this problem makes all requests look like POSTs, it entirely disables that feature.