It brings to our attention that there is a whole class of applications - "invite only" ones - where the main argument of the article does not apply. And therefore the conclusion ("The login user interface should distinguish bad user handle vs bad password") does not apply either. The article just mentions "99.9% of all websites" somewhere near the beginning, and that number may be way too high.

I would in fact be interested in an analysis of how many web sites do and don't follow recommendations like "do NOT distinguish bad user handle vs bad password", which are widely considered best practices. I wouldnt take a guess, could be anywhere between 10 and 90 percent.