First of all - great plugin - works well for us!
Would it be possible to consider adding a feature that whitelists IP ranges? If it could be done using CIDR format or wildcards, that would work best. I realise this may work contrary to the goal of this plugin, but in our situation, it would be useful. Most of our users access our multi-site WP install from our internal network. Users get brain farts and end up locking themselves out needlessly. A whitelisting feature would reduce our support requirements. If the plugin could still deliver an informational message after X attempts directing users to support, but not lock them out, that would be great.
Also, it would be great if the error messages could be customized from Dashboard plugin settings. This way, we could direct legitimate users accessing from external IP's who have clearly forgotten their password to a help desk. Could just edit code, but throwing it out there for possible inclusion.