Hmm. So now how can I be sure that ext_1 is the same person as brad? I think a good next step would be to allow logged-in LiveJournal users to optionally do the OpenID login dance to prove that they have a given OpenID identity. It could then be optionally displayed on the userinfo page.
When it comes down to it, there's little to stop someone just putting the openid declaration at every URL on their site and doing a similar “attack” to the query string one we've seen here. There's little to be gained beyond a little amusement from doing this anyway, so it doesn't really seem to do much harm as least as far as I can see.