Alihan: Thanks for the comment. I think security is something that would need to be enforced by your application, and you would probably also need to trust that the OpenID provider has the necessary security systems in place. Take your analogy a bit further: if we take Yahoo as an example, Yahoo usernames are equally public (every time you send an email from Yahoo, the recipient knows your Yah