Don't get me wrong, I love OpenID, even now it's famous, and use mine wherever I can and sometimes where I probably shouldn't, but there are some risks which many don't seem to be aware of. The first is that it doesn't kill phishing, well not without some help from the browser. The second is like all URIs, it relies upon DNS, which is worrying not so much because the centralised registry can get hacked, but because it's easily spoofed or poisoned. Please don't tell me XRI is the answer, we really need a more trustworthy DNS.