login question

Why, when you type in an obviously invalid login, does UNIX give you an opportunity to type in a password? Is it a security thing?

Yes. In fact, good login implementions should not give a clue as to either the correctness of the login name or the password. Consider this:

When the login method receives a user name, it would have to open the password file and check for valid name, if correct, it might then close the file and read the password, or keep the file open and read the password, etc.

If you do an analysis of how the userid and password are entered into the method and compared against the password file, it can be seen upon analysis why the login function works as described.