I am not a programmer so maybe my suggestion here is stupid.
But I see how some people are saying that it helps when you rename some of the various default files that are used for posting comments and trackback...
Why couldn't you during the course of the install have a configuration screen that prompts you to come up with a random name for those files... Suppose instead of wp-comments, you are prompted and you say "goose" and now that file is called "goose.php".
It would make it harder for spammers to find one way to spam everyone's site as that hopefully, everyone has chosen a different name for those particular files during the install.
Am I making myself understood? Is this possible?