Dizzy has had a go at OpenID, pointing out the potential for man-in-the-middle attacks and phishing. This is akin to blaming tube and bus drivers for the 7/7 attacks or suggesting the roads are at fault for car accidents. The whole point of OpenID is that it distributes other sites' authentication; it doesn't, shouldn't and can't enforce the level of security surrounding that process. Given that the model it uses is pretty much the same as that used by PayPal, Google and Worldpay for third-party payment processing, and by Microsoft, Yahoo and many others for authentication, it is a bit much to say it is the process that is at fault. If you are going to have a go at something for this, I would suggest going after Mastercard SecureCode and Verified by Visa for trying their best to look like phishing sites.
So what is the real issue? It is the same problem that we all have every day on the internet, whether we are using OpenID or not. It is about the tremendous effort people put into trying to steal things from us. It is (hopefully) the death knell for simple username and password based logins over the internet, and the start of the era of two-factor authentication, challenge-response and certificate validation moving away from being hidden away as a little padlock or a colour change in the address bar. Well, we can but hope.