I would say "a typical web user" uses the same passwords or slight variations on at least 3 different sites... that being said I wouldn't want my openID hacked...(single point of failure) are the at least demanding strong passwords?