You can liken this to the old idea that even a the most basic form of bike lock will deter theives. The larger your sample, the more likely you'll find a totally unlocked one.
Given even a small amount of protection, the evil-doers will simply move onto the next target, as it's better to test 1000 machines quickly, than it is to test 1 thoroughly. Also the fact that you obviously understand the risks, shows them you'll probably choose a sensible password.
These guys have an almost unlimited pool of IPs to test for logins, they'll perhaps get a 0.0001% penetration rate, which is easily enough to justify the whole exercise. This is why they'll only test the most common passwords and then move onto the next host, because you'll get better results by increasing your sample size than you will be hammering a few servers with massive wordlists.
Simply put, it is not a good use of their time to have their scripts check for non standard ports or any of that other gubbins, when there're ~ machines who could have NO protection waiting to be tested.
Interestingly, this a bit like why you should NEVER use sequential IDs instead of usernames (like rapidshare), because I'll just use the password "password" and test a vast number of logins until I get what I want.