A user perspective on why OpenID can be just as complicated as (and thus, as bad as or worse than) other authentication methods.
OpenID server software needs to be able to detect when it is being used to proxy an attack on another server.