I'm quite hesitant about giving any third party access to my personal data, although Facebook clearly has a very accurate profile of me. However, OAuth seems quite cool if I ever were to do so on a more extensive level (for instance, I've never given facebook access to my gmail account for it to obtain my address book).
I'm not keen on OpenID though. At the moment if someone grabbed my facebook password I'd be understandably annoyed. But if someone grabbed my OpenID password, and I used that for lots of sites, I'd be devastated.
So use a good password, and don't use an untrustworthy OpenID provider.
Most sites will send auth details by email if you forget your password; having your email password taken is just as much a risk as having your OpenID password taken.
I'm not keen on OpenID though. At the moment if someone grabbed my facebook password I'd be understandably annoyed. But if someone grabbed my OpenID password, and I used that for lots of sites, I'd be devastated.