Comment 1 for bug 457358

Is there any reason not to tell the user (or bad guy) that we have locked an account when we do it? Not doing so will probably up the number of password-change requests...and the number of people bleating for help through the 'feedback' function. Should we politely tell people that their account has been locked, for security reasons, and that, if they've forgotten their password, they can please click on the link below? And...presumably, a successful password-change request will unlock the account?