If the user was at the original login page, then they wouldn't need a warning about phishing sites. Plus, there are already several warnings in the forum and in the wiki against providing your PIN at login.