1. 99% of people use the same login details on every site they go to anyways. That's not likely to change. For those people OpenID is actually more secure, since their password is only ever exposed to one site.
2. Your email address is already a single point of failure for any sites with a "Forgot my password" function.
IMO an OP can be made secure enough that the benefits of OpenID outweigh the severity of a possible breach (at least for non-critical transactions).
Good points. So I guess the challenge is either to convince users that OpenID gives them some advantage to just using their same old login details, or convince website owners that it is a good idea. I guess we'll see how it works out...
2. Your email address is already a single point of failure for any sites with a "Forgot my password" function.
IMO an OP can be made secure enough that the benefits of OpenID outweigh the severity of a possible breach (at least for non-critical transactions).