We love the technology, though see OpenID moving into the background, kind of like pop3/smtp. My mom should just be able to login securely without having to know all the acronyms of the underlying technologies that make it possible.

As far as phishing OpenID has far fewer vulnerabilities than the traditional login/password method. Also you get to pick who your provider is, so do your homework. Many OpenID providers (myVidoop, claimID, clickpass, Verisign) have taken extra steps to offer multi factor authentication to their members. This raises the bar for would be hackers who will have a better ROI from targeting less secure systems.

Hope this helps…

-Kevin