A security vulnerability affecting all versions up to 0.2.0 has been discovered. Disabling register_globals eliminates this vulnerability.
If you have limited or no control over your hosting environment, disable OpenID logins and delete the directory includes/openid/ (along with all contents).
We will soon issue a fix that would allow phpbb-openid to run securely with register_globals enabled.
Please see the official announcement at http://openid.phpbb.cc/2007/04/28/first-beta
Congradulations! OpenID Auth for phpBB is now an approved SourceForge project!