I did a similar thing once (off my own back - I was young and naive) on a dead simple web app I wrote. I put a footer that said something like "all access is logged, unauthorised access will be investigated" with the current IP address to try to demonstrate that I had the data to do it. I didn't. And nothing of the sort was logged or investigated. I just hoped it would put people off!