I work for a smart grid consulting company...before that, a major (nearly a century old, and widely recognized) civil engineering firm, again in the power industry. Before that I was the official smart grid security spokesman for a large IT company, and briefed Gartner, Ponemon, Forrester, etc. I've been deep into the guts of generation, T&D, energy marketing, and smart metering infrastructure at dozens of power companies over the past decade.
I've never seen OSGP in the field, not once. The OP talks about "millions of smart meters" using it, but damned if I can figure out which meters those are. Landis+Gyr? Nope. GE? Uh uh. Itron? Hell no; they have their own end-to-end architecture (and it works really, really well, which is why Itron is now the 800-pound gorilla of the smart metering world). Sensus? Nope, they bought FlexNet from Motorola and use that, and it has its own (decent) encryption. Elster? Definitely not...I've seen Elster's architecture up super-close, and this protocol is nowhere to be found.
In fact, if you look up OSGP, you'll see all kinds of announcements from the alliance behind it, but not a lot of actual success. Sounds to me like someone found vulnerabilities in an also-ran protocol, but the security issues aren't the only thing wrong with it...which is why nobody seems to actually USE it.