[OpenID] Persistence of e-mail accounts
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Nov 5 17:55:58 UTC 2008
>You can safely associate this new email address to the same account if
>the received URL identifier is the same.
If the RP doesn't, they could inadvertently grant access to one
user's account, to another user - unintentionally acting as a
"hostile" RP in that instance. Should there be quality assurance
exchanges for RP-to-OP so the OP can warn its user that the RP is
using a setup that could potentially be compromised?
-Shade
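
Added example, not part of the original message: a minimal Python sketch of the failure described above, comparing an RP that picks the account by e-mail address with one that picks it by the received URL identifier. The `RelyingParty` class, its method names, and the identifiers and addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Account:
    account_id: int
    identifier: str  # URL identifier received from the OP
    email: str       # attribute sent alongside it; may change

@dataclass
class RelyingParty:  # hypothetical RP account store
    accounts: list = field(default_factory=list)
    _ids: count = field(default_factory=lambda: count(1))

    def _create(self, identifier, email):
        acct = Account(next(self._ids), identifier, email)
        self.accounts.append(acct)
        return acct

    def login_keyed_on_email(self, identifier, email):
        # Weak: the e-mail attribute decides which account is opened.
        for acct in self.accounts:
            if acct.email.lower() == email.lower():
                return acct
        return self._create(identifier, email)

    def login_keyed_on_identifier(self, identifier, email):
        # Hardened: the URL identifier decides; the e-mail is only updated.
        for acct in self.accounts:
            if acct.identifier == identifier:
                acct.email = email
                return acct
        return self._create(identifier, email)

def demo():
    alice, bob = "https://op.example/alice", "https://op.example/bob"
    out = {}
    for name, login in (("email", RelyingParty().login_keyed_on_email),
                        ("identifier", RelyingParty().login_keyed_on_identifier)):
        first = login(alice, "old@mail.example").account_id
        # A different identifier arrives carrying the same address.
        other = login(bob, "old@mail.example").account_id
        # The first user returns with a new address.
        again = login(alice, "new@mail.example").account_id
        out[name] = (first, other, again)
    return out

if __name__ == "__main__":
    print(demo())
```

Each tuple is the account opened for the three logins in order. Keyed on e-mail, the second identifier lands in the first user's account and the first user is then split off into a new one; keyed on the identifier, each identifier keeps its own account across the address change.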