I think it would be great if the wp-login.php file was actually a name created from a config file on installation. We don't use the wp-login.php for anything other than admin, so we think it would be great to take security one level further and allow the site owner to decide what the name of the login page is. This would make it harder to brute force attack the login screen.
I have looked at simply changing the file name, but wp-login.php is hard coded in the core, and of course, I never want to edit core files.
Simply make the naming of the login screen an advanced option on installation or upgrade.