What about spoofing pseudo-consumers?
Rasqual Twilight
oid at rasqual.silk.com
Fri Nov 11 04:56:17 PST 2005
I've been thinking about what could be risky in the OpenID specifications.
Here is a scenario I came up with:
A malicious website (pseudo-consumer) tries to phish careless users into
submitting an identity.
Then, knowing the URL of the OpenID server, the pseudo-consumer presents a
cached login page by putting it in a frame or an iframe to hide its real
URL.
The user, believing something went wrong with the server session, enters
his/her login and password to log back in.
Finally, the pseudo-consumer can even pretend the auth went smoothly by
logging the user in.
Does it sound alarming or unlikely to you?
A tech user would probably not be deceived by this trick, but how about a
general user?
--
Rasqual
OpenID: http://rasqual.twilight.hyde.ws/
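The scenario above rests on the pseudo-consumer being able to show the OpenID server's login page inside a frame so that the browser's address bar never reveals the server's URL. The following is an added example, not code from the post, from the yadis list or from any OpenID implementation, showing the two checks a practitioner would apply: auditing the response headers a server sends with its login page to see whether a browser will render it in a third party's frame (`X-Frame-Options` and the CSP `frame-ancestors` directive, both of which postdate this 2005 thread), and a browser-side fallback that refuses to draw the login form when the document is not the top-level window. The header set `hardenedLoginHeaders()` returns, the host names `openid.example` and `rp.example`, and the constructed header objects in the usage section are assumptions for illustration.

```javascript
// Added example (not from the original post): decide whether a login page
// can be framed, given the HTTP response headers it was served with.
// Returns one of: "deny", "sameorigin", "allowlist", "framable".
function framingPolicy(headers) {
  // Normalise header names; HTTP header names are case-insensitive.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // Browsers that understand CSP frame-ancestors use it in preference to
  // X-Frame-Options, so evaluate it first.
  const csp = h['content-security-policy'];
  if (csp) {
    const directive = csp
      .split(';')
      .map((s) => s.trim())
      .find((s) => s.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
      // An empty source list is equivalent to 'none' for frame-ancestors.
      if (sources.length === 0 || sources.includes("'none'")) return 'deny';
      if (sources.length === 1 && sources[0] === "'self'") return 'sameorigin';
      return 'allowlist';
    }
  }

  const xfo = h['x-frame-options'];
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return 'deny';
    if (v === 'SAMEORIGIN') return 'sameorigin';
    // ALLOW-FROM is obsolete and ignored by current browsers; fall through.
  }

  // Neither header present (or only an unrecognised value): any site,
  // including a pseudo-consumer, can load this page in an iframe.
  return 'framable';
}

// Headers an identity server should send with its login page so that the
// page cannot be embedded by a pseudo-consumer. Both headers are sent so
// that older browsers without CSP support still get X-Frame-Options.
// (Assumed policy for this example, not prescribed by the OpenID spec.)
function hardenedLoginHeaders() {
  return {
    'Content-Security-Policy': "frame-ancestors 'none'",
    'X-Frame-Options': 'DENY',
  };
}

// Browser-side fallback: the login form is only rendered when this
// document is the top-level window. Takes a window-like object so the
// check can be exercised outside a browser; in a real page you would call
// shouldRenderLoginForm(window) before inserting the form into the DOM.
// Comparing window references across origins is permitted, so no
// try/catch is needed here; only property access on a cross-origin top
// would throw.
function shouldRenderLoginForm(win) {
  return win.top === win.self;
}

// Usage with constructed header sets (not captured from any real server):
// a server that sends no anti-framing headers versus the hardened set.
const weakServer = { 'Content-Type': 'text/html' };
console.log('weak server:', framingPolicy(weakServer));              // framable
console.log('hardened server:', framingPolicy(hardenedLoginHeaders())); // deny

// Simulated framed and top-level documents.
const topLevel = {};
topLevel.top = topLevel;
topLevel.self = topLevel;
const framed = { top: {}, self: {} };
console.log('top-level renders form:', shouldRenderLoginForm(topLevel)); // true
console.log('framed renders form:', shouldRenderLoginForm(framed));      // false
```

Running the audit against a server's actual login response (for example with the headers copied from the browser's network inspector) tells you whether the framing trick in the post would work against it; "framable" means a pseudo-consumer can hide the real URL exactly as described, while "deny" or "sameorigin" means the browser will refuse to draw the page inside the attacker's frame, and the user is forced to see a top-level navigation to the real server. The JavaScript fallback is a last resort for user agents that ignore both headers and should never be the only control.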
More information about the yadis mailing list