One quick correction: "an assertion is provided in the frontend and then the server sends it back to BrowserID to get the user information." isn't quite accurate.<p>All of the user information is available in the assertion. You can get at it locally, without having to talk back to us. We just have a web service that makes it easier to verify the cryptographic signatures on that blob. (And it is, of course, open source, so you can run your own if your language of choice doesn't have its own library for local verification.)
I'm looking forward to BrowserID becoming mainstream. I'm sick of trying to remember account numbers or usernames and passwords for websites that I use infrequently.
What will happen to it when they will rename to 'Mozilla Personas'? Will the login screen suddenly show the Mozilla Persona logo instead of BrowserID as it currently does? I can't imagine this gaining any traction with bigger sites / brands if it is pushing the Mozilla brand.
I hope people don't just schluff off BrowserID like OpenID or others. It has a lot of really cool potential and can be as secure as regular user/pass or as secure as certificates depending on how it's setup and used.