We'll have to investigate this. We use the Joomla login functionality to log the user in, which means that if you fail logging in, the same functionality that happens with the normal Joomla login modules will occur. If it's different behavior your expecting for CB, let us know, but Joomla handles logging in just fine.
You can test what we see normally on our demo site. Just type garbage into the login/password fields, and you'll get a red "Username and password do not match or you do not have an account yet."
<!-- m --><a class="postlink" href="
facebook.sourcecoast.com/">
facebook.sourcecoast.com/
That's Joomla's standard behavior for a failed log in that we expect and use. If yours doesn't do that, we can give you hints on how to get it working correctly.