Yeah, same here. There's a Ukranian IP that's been trying every now and again for about a hundred times to login as
admin for 3 days now and in the plugin settings it just says "admin (1 lockout)", while my log files have
93.183.***.*** - - [10/Mar/2012:13:47:15 +0000] "POST /wp-login.php HTTP/1.0" 200 5650 "http://[my server]/wp-login.php" "Mozilla/5.0 (Windows NT 5.1; rv:4.0) Gecko/20100101 Firefox/4.0"
repeated for about a hundred times even after there should theoretically be a lockdown. I assume that instead of getting a 403, the login page is still shown, but with a notice that you can't log in anymore.