Perhaps I'm just confused. I realize that it's just supposed to be a beta implementation, but it's going to be hard to sell OpenID even as a blog-spam panacea with these kinds of problems.
Also, could we offer some OpenID-relevant security tips instead of the mind-numbing password length/composition suggestions? How about verifying the use of https, an aol.com address, appropriate use, etc. This issue may lead into discussions regarding the level of exposure that the user has to the OpenID experience. How aware should the user be of the underlying technology? Some have suggested that such exposure be minimized; I would suggest the contrary in this case.