I also don't see why it would be a site-wide security risk. Not every user will want to login with an openID, and not every user who does will use the same openID provider. So if a provider gets compromised some number of users' passwords may be compromised, but if they're strong enough passwords they should still be safe. How is this different from the normal day-to-day worries about users having weak passwords?
no subject
Thanks for the clarifications, but it is certainly being marketed (http://openid.net, http://www.myopenid.com) and used that way (http://sourceforge.net, http://pragprog.com).
I also don't see why it would be a site-wide security risk. Not every user will want to login with an openID, and not every user who does will use the same openID provider. So if a provider gets compromised some number of users' passwords may be compromised, but if they're strong enough passwords they should still be safe. How is this different from the normal day-to-day worries about users having weak passwords?