All login methods (such as Imap.Login, Imap.UseBestLogin) throw exception when login fails (when server returns an error response).
In most cases server responds with:
NO [ALERT] Please log in via your web browser: http://support.google.com/mail/accounts/bin/answer.py?answer=78754 (Failure).
Which results in an exception in your .NET code, with appropriate message.
Shouldn't you be limiting access after couple of wrong logins?
Definitely not. It's not up to the client to limit incorrect login count. Also which maximum number would be good?