This is great – we just implemented rate limiting pretty much exactly as described here.
Only small gotcha was the check_rate_limit() function – we forgot that we use HEAD requests to validate username availability during signup, important to exclude those in addition to GET!