> "Third, we’d rather not engage in an arms-race with US government agencies."
> Read: we are afraid to lead here, because backlash from the government (and the public?) could be too damaging for Mozilla.
I read "This is a race we'll probably not win and even if we do, we'd have a lot of power tied up there. But we can win by just changing the rules, so let's do that."
The US has been changing the rules since decades. The shadow government has adapted to those changes, becoming more and more powerful with each change. The US will pass a couple of "government openness" laws in the coming months (years?). The shadow government will laugh at that, move operation proceedings to the new release, and increase the broadness of surveillance, thanks to improvements in technology.
The only way to stop this, until privacy technology is widespread (which I hope will become a huge topic soon), is to stop doing business in the US right now.
Note that moving the servers from the US would not be sufficient - you'd have to move the domain to a TLD not controlled by the US or any other entity that they can influence. You'd have to host with a provider independent enough etc.
Thus, the stated goal of persona is to remove the need for a centralized auth provider - thus sidestepping the problem of where those centralized servers are located. That's why they don't want to engage in a whack-a-mole game with the US government.
So you are saying that Mozilla can be a trustworthy partner in the development of Persona (since it is opensource, I guess?), but not a trustworthy Persona provider (since they are US based). That sounds reasonable, and Mozilla deserves much credit for that.
I read "This is a race we'll probably not win and even if we do, we'd have a lot of power tied up there. But we can win by just changing the rules, so let's do that."