by null_ptr 4482 days ago
Good! The less that people see Google and Facebook accounts as "Global Internet Identity Accounts", the better.
1 comment

I disagree. The more people use social login and the fewer people use their one shared password on all sites, which tends to be "password1", the better.
It's a bit of an improvement. On the other hand, if that one account is hacked, it gives access to everything else as well. Moreover, you can even get a list of applications/sites tied to that account, which makes it arguably even less secure.

If we want people to be safer, we should teach them how to use a password manager to generate a unique password for every site.

And since access to passwords requires two things (the password to the password manager and the password database), it's arguably more secure, even with a weak password.

I use Google Two-Factor authentication. I need my password, and my phone.

If I root your box, and watch you type, I have the password to your password manager, and the password database.

Arguably, if you root someone's box you could install a modified TLS stack that would allow for a MITM attack to capture the 2FA login flow. (But this would obviously be a little more difficult.)
I have a friend that this happened to. I unfortunately cannot elaborate.
The user's single identity should be owned by the user and managed securely by the browser, not by Facebook or Google.
Why do you think users want to own their identities?

Users, when you ask them, want a service that handles the backup and synchronization of their identity between all their devices. Users don't want losing the device their keys are on to mean losing their identity. Users want to be able to join a new device to their identity by just entering their username and password on it. Users want to be able to enter those credentials on random public computers to be able to temporarily use their identity on those computers, then log out when done. And users don't care about the security implication of any of this.

Currently, given this set of use-cases, "identity providers" like Facebook and Google work perfectly for users. Password managers don't.

I didn't say that any existing technology would meet this need, but there ought to be a way for users to have convenience and privacy. There are ways of syncing data without revealing it to the data host (Firefox sync, Tarsnap, BT Sync, possibly AeroFS).

It's up to those of us who actually care about such things to give users what they want in a way that gives us what we want.

Like Mozilla Persona? I like it but I don't know how they can drive adoption to your average user.