Comment 11 for bug 199069

Joey, that's the same security issue list I posted last fall to bug 1169. And yes, the phishing issue can be a problem since you support specific openid 1.1-style ids. But what additional security exposure are you seeing based on the user having a human-friendly 1.1 id vs the randomly-generated one you're offering already?