The information these bots leave at our forum (IP address/subnet, profile information, posts, etc) follow some easily recognizable patterns ;) And their activity is so low that there is nothing to worry about. When it becomes worse we can disable automatic registration and require all new users to be approved by an admin (or set most of the boards to read-only for new users).
As for the password - you do know that using the same password in multiple sites is unsafe and stupid?