This is a fair criticism and something that we want to address as we continue to make improvements to our newly relaunched website. It has a long way to go still, and this kind of feedback is very helpful in directing our attention. Thanks — and sorry to hear about your frustration.
That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.
There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.