I think most of the handwringing about OpenID can be avoided if you just think of OpenID for what it is: identity that you yourself provide through your own web site.
Does it bother you that you yourself know who you authenticated with? Doesn't bother me.
Are there nebulous man-in-the-middle attacks possible? Not if you don't want to.
The fact that many people will outsource OpenID to other providers doesn't change this; if you hand over your identity to a third party that runs it poorly, then that's not a problem with the OpenID standard.
Does it bother you that you yourself know who you authenticated with? Doesn't bother me.
Are there nebulous man-in-the-middle attacks possible? Not if you don't want to.
The fact that many people will outsource OpenID to other providers doesn't change this; if you hand over your identity to a third party that runs it poorly, then that's not a problem with the OpenID standard.