Our site uses an external auth (Shibboleth) to authenticate users. I ended up hacking your plugin to use wp_login_url. So the login_url filter used by Shibboleth still functioned. I didn't change any of the other wp-login.php references because the Shibboleth plugin would create access once authenticated defeating the purpose of your plugin. I thought this post might help others or you might want to include the change in your next revision.
< header( 'Location: ' . add_query_arg('redirect_to', urlencode($$_SERVER['REQUEST_URI']), wp_login_url()));
> header( 'Location: ' . get_settings( 'siteurl' ) . '/wp-login.php?redirect_to=' . urlencode( $_SERVER['REQUEST_URI'] ) );
Either way great plugin.