For example, go to the OpenID demo page:
http://www.danga.com/openid/demo/demo.html
And try to validate some of these:
http://localhost-fortest.danga.com/ (resolves to localhost)
http://1117130646/ (livejournal)
http://kumquat.s8n.me.uk/ (resolves to 192.168.2.1)
http://0177.0.0.1/ (localhost)
The paranoid useragent will slap 'em all down. Including if people did a valid webserver which redirected to a hostname which resolved to a CNAME which resolved to an internal address... with every step of the CNAMEs and addresses being checked.
I wonder what PHP's default "filename can be a URL" does about this problem. But PHP cares so much about security, I guess. :-)