The cache is cleared daily. So, in one day we probably would not have 500 bad passwords entered. If we hit this size, an error is entered into the log suggesting that too many people have entered bad passwords and the administrator should check for an attack in the log.
This value may have to be made larger if a customer uses a single vault for a very large number of ID files and people often legitimately forget their passwords.