Apart from the security issues you've yourself noted, it's possible that the entered password matches another account's password coincidentally, not because the user intended to log in to that account.
If your account has the same password as another account that's 1 or 2 letters different, it's not really the site's job to protect you. You screwed up.
This is not a very big problem security-wise. It makes online attacks slightly easier, but you can limit online attempts pretty easily. It doesn't affect offline attempts at all.
The downvotes dheera got are extra inappropriate because they were just saying it's doable.
