I've tried that once in a site and it was a maintenance nightmare. Users kept bombarding me with emails asking to unlock their accounts. Turns out 99 times out of 100 that a username/password combo has been mistyped it's from users jerking around or not remembering the password, rather from hackers trying to brute force their entrance.
Now imagine having a site with a few million accounts and 0,1% of them mistyping the password every now and then.
Sounds like a case of not handling the UX of the feature properly. What you can do is either allow them to unlock the account via email, or have a time-based unlock, or both. We do 72 hours or unlock it via email.
Now imagine having a site with a few million accounts and 0,1% of them mistyping the password every now and then.