Haha :) Hope the parallel patch helps. Happy to contribute them!

Related to your additional points -

The "ATHENA.MIT.EDUraeburn" pbkdf2() test vector I added at the bottom of 
passwords.py is test vector I took from rfc3962 
(http://tools.ietf.org/html/rfc3962#appendix-B), which has some 
additional test vectors for PBKDF2 (as part of some AES test vectors).

Attached is a patch that adds an iteration config parameter for PBKDF2. I 
haven't tested it as well as the others (not sure that I found all the 
places a password might be created), but I'll hand it off anyways since 
it lays down the basic framework: 

* It adds a "password_pbkdf2_default_rounds" config parameter (default 
10000)
* It passes a config object into the Password constructor wherever a new 
password is created; 
* The Password class in turn hands config off to encodePassword, so that 
additional hash configuration options could be added in the future. For 
now, the PBKDF2 encodePassword routine will use the config parameter if 
config is present, or fallback to the hardcoded default.