After catching up a bit on OpenID, I don't really see the huge security issues hinted at - if you know what you're doing.
However, one use case for this is to provide MB.o authentication for other places - e.g. https://acoustid.org/. For this to work, MB doesn't have to accept OpenID logins, as long as it acts as a provider.
I don't really think this is likely to be worth the bother, and authentication to other places is provided by MB's oauth. So I vote wontfix as well.