It's really encouraging that Microsoft have made it possible to login to HealthVault with OpenID. What they're saying is that OpenID is good enough to use in secure applications not just websites.
I think that's right. Making security too onerous for users and complex for adminsitrators doesn't work.