The 5 guesses / 5 minutes throttle is set per wiki,
$throttleKey = wfMemcKey( 'password-throttle', $wgRequest->getIP(), md5( $username ) );
so does ConfirmEdit,
wfMemcKey( 'captcha', 'badlogin', 'ip', $ip );
CentralAuth doesn't do throttling.
I think we should either have a globalthrottle extension, or just make these use a global cache key.