[mkjones]

Shoot - sorry if I came across as disingenuous! You're right that a lot of the reason we spend time on login is because we want our users' accounts to be secure - but a big advantage of our API is that we extend all that work to third parties. I think it is actually a pretty good drop-in login solution, but you obviously have to have some setup associated with it (the user needs to understand to whom they're disclosing their identity, etc). You don't need to ask for any permissions or query any data (though of course I think you can make things a lot more compelling if you do in a lot of cases).

Agreed that companies should determine how to deliver a great experience. In my opinion, a two-click login with something like FB is a much better experience than registering with another password and confirming your email address, and worrying about what the site's security is like (how do you evaluate this?). It sounds like we'll just have to agree to disagree here.