Can't people use PAM to get this effect if they want it?
what if u use pam with ldap, then u can use pg brute force cracking to obtain the ldap password, which is probably a bigger problem
For most people password guessing isn't going to be a big problem as the database won't be accessible from totally untrusted places and watching the log files for guessing will probably be a good enough solution.
what if u do want the database to be globally accessible..
