Does the author actually understand OPENID (Score 1)

firstly you NEVER type your password into anothers site with openid

you type your openid into their site
{then you are re-directed to your openid providers login page, ONLY IF NOT ALREADY LOGGED INTO YOUR OPENID }
then you are asked by your openID provider {on their site} do you wish to authorise the remote site to verify your identity {this time, always, not this time, never}
then you {and the result} are passed back to the openID enabled site that redirected you to YOUR OWN provier

any other implementation IS NOT OPENID its phishing