First, great plugin and support. Your dedication to WP values is first rate and puts you in a select group.
1. Delay vs block rehash: I have read some but probably not all of the reasoning for delay vs block. However, here's a twist that I haven't seen discussed. We use New Relic for server monitoring, and it appears that if we get a wave of brute-force attacks, the delays imposed by LSS cause our metrics to appear like something is broken in our network. Our automated alerts become meaningless (and when alerts become meaningless, they get ignored), and our pretty graphs of fast response become really ugly. It leads to a longer-than-necessary discussion with clients to explain that we intentionally were being slow in some situations. I think this is a good case for at least making delay vs block a configuration option. Am I wrong?
2. In conjunction with #1, we'd love to see the ability to auto-block banned usernames (or if no block, at least auto-delay). We're banning certain usernames (yeah, you can guess which ones), and these usernames account for a very high percentage of our LSS fails. We'd love a way to enter a list of usernames and just have them blocked, with 1 entry in the fail table for the block. We've seen hundreds of entries for the same username and IP, and it makes it harder to extract useful information from the fail table.
And for others interested in a big reason why this is a great plugin: on a network, it puts the plugin admin in the hands of super admins and the fail table is for the entire network. The Limit Login Attempts plugin puts settings in the hands of site admins and stores failed logins on a per-blog basis. That setup takes away a big benefit of having a network in the first place, so props to LSS and its author for doing it right.