I love the idea and have used this on a few sites.
I have a site that is mainly for users from a single institution. The whole institution is (probably) behind a single IP address. So, a few failed logins from different users could quickly look like a cracker at work, and lock everyone out - not just out of this site, but out of all Brute-Protected site. Or perhaps not - it's hard to say... the question is: what are the limits? And secondly... can they be made configurable? (e.g. "Don't report the IP to BruteProtect central unless it has X failures within Y minutes" - depending on how BP actually works under the hood).