http://www.thespanner.co.uk/2007/10/17/openid-account-security/ for one. You can also check their lists on http://openid.net/mailman/listinfo/ and probably raise this discussion there, as that would be where people with enough exposure to openid can answer you better.