If my Facebook password and some old website's password are the same my Facebook can be compromised. Then the attacker can run around on the net pretending to be me at any OpenID accepting website.

OpenID isn't being attacked or at fault, it's non-unique passwords.