"Very few sites (even tiny web forums and such) are willing to trust arbitrary 3rd party."
Those sites wouldn't be trusting a third party; they would be trusting the user. Specifically, they would be trusting the user not to delegate his identity to an impostor-friendly provider, just as they are now trusting the user not to re-use his password on any site that will some day have a database leak or cleartext login form. Anyone who thinks his onsite auth buys him greater security than OpenID either has some magic way to force people into choosing unique passwords, or is sadly mistaken. I'll let you guess which is more likely. :)
I'm curious where you got the "very few" metric. Anecdotal evidence? A study with a large and diverse sample size? If you have some study results, I'd like to bookmark them. I guess it would just go to show that very few admins have a good understanding of overall security.
"There are other problems, like ensuring unique, non-spam/bot users, that can't be done with remote authentication"
Local password authentication can't solve those problems either. Bot and spam problems are solved by other means, like captchas and request rate throttles. Sane sites do this when an account is created, not every time a known-good user wants to log in. Some really careful sites take additional steps during login (like click/request/response timing), but those steps are invisible to the user and can be applied regardless of whether a local password is used.