I am not a white hat or anything, but I suspect that a real black hat would attempt to crack the password file directly, rather than inputting data through the interface. An email notification on 10 consecutive password attempt failures would have no effect. The 2-step authentication option sounds interesting, but might be difficult to implement in practice, due to incompatibility with the original PasswordSafe product.