Why would it ever be even close to that high. Every decent system I have ever encountered raised some serious flags after 3-5 wrong guesses. If you flag an account after 10 wrong guesses, start requiring a CAPTCHA after the first one, and ban ip addresses when you detect massive multiple account attempts, you can offer security fool proof security, with, lets say, around 100 guesses.
If it only takes 100 guesses, then an attacker can slowly try passwords stretched out over time, depending on his victim's routine behavior of logging in a couple times per day to reset the fail count. Or maybe he can try 1 guess (with 1/100th odds) on each account in the target system. If there are hundreds of accounts... well, you get the idea.
IP-based banning can make this harder (forcing the attacker to find/use multiple victim PC's), but it's not widespread yet (for instance, I don't think Active Directory or slapd support it).
[Coupons are] there to get people to make decisions that they otherwise wouldn't make, usually bad ones.
In addition, they serve as a form of price discrimination: you can save a nice chunk of change on groceries by taking an hour each week to clip your way thru the Sunday paper, but once you have enough disposable income (and perhaps less leisure time) it's no longer worth it.
"Show business is just like high school, except you get paid." - Martin Mull