This is an excellent point. I recall when we used to make fun of Microsoft for this type of intrusiveness (I am forgetting the version of Windows OS that drove users nuts with regular deny/allow intrusions -- it was spoofed in the Mac v. PC ads).
Stuff like this was simple for Apple to do from the start. Glad it's finally here, though.
I don't know if this question has been definitively answered, but I'll ask anyway: is iCloud protected against 'brute force' password hack attacks?