Whenever OpenId comes up there's always a million comments about handing over passwords and that all it takes is one site you're registered with to be compromised for your identity to be lost. This is not the case as OpenId does not share your actual login information with the third party at all. All the authentication happens at your provider. I fail to see how people consistently overlook this vital piece of information. If you're provider is compromised on the other hand... you're pretty much in the same place as somebody compromising your mailbox. And there's a worrying trend of people just handing that information out anyway.