by lakerz16 4255 days ago
OpenID does not provide your password to each site that you use it on... It uses a token that only that site can use, for the permissions that were shown when you created the token. If someone did acquire that token, you could just change your Facebook password and the token would expire.
1 comments

If my Facebook password and some old website's password are the same, my Facebook can be compromised. Then the attacker can run around on the net pretending to be me at any OpenID-accepting website.

OpenID isn't being attacked or at fault; it's non-unique passwords.