Username or EmailPassword
This said Microsoft about Windows 98.
We really care, just for sake of how will be oriented the attacks. Moving the attacks from OS to a higher level like a web-page which supposedly will be easier to be tested. Also Google have the knowhow to use a blacklist-whitelist just to block most of those attempts. Or at least I just hope they will!
Sure, they can use a blacklist, but that is an inherantly reactionary approach. They can't blacklist what they don't know, and the odds are they won't know until a user has been tricked.