BFM checks some brute force login's that CSF does not like for example login tries/failures to DA it self.
BFM can do some automatic blocking for that part too, so I wouldn't stop running it.
I would like to add that the following thing is the main reason why BFM should be still enabled: http://forum.configserver.com/viewtopic.php?f=5&t=7821#p22968. Otherwise you could get email/mysql databases passwords bruteforced easily I hope they will add support for that in the future.