We know from experiencie that trying to login with the wrong password will eventually lock up the account. Is the same true for API requests? It will be very helpfull to have a log of offending requests to track back the issue. Do you provide a developer section or account page were to check for authentication and login status?
At this time we do not have an area where you can see where your API is being used publicly. This could cause some security issues but if you call into our support line at 1-866-289-2101 they can tell you which plugins / API you are currently using. The API may or may not lock up the account depending on how the authentication is sent. If the application is using oAuth it will not lock out of the account as your password is not part of their system. However, if they are using basic authentication which requires your username and password it will definitely lock you out of your account if you change your password or fail to enter credentials correctly through the API.
Please let me know if this answers all your questions.