Password reset pages are another avenue of attack. If somebody tries to reset a password for an unknown username, some sites will respond with a message indicating that the account does not exist. Try to avoid this.
