What I meant is that when you accept "any" OpenID assertion, you don't really know who is authenticated unless you know something about the OP. The example you gave (rogue OP) is one example of how OpenID could fail – there are others, though.
My current thinking is that we should have a configurable option, probably as JAAS configuration options, that defines what OPs we accept OpenID assertions from. We would use SREG to obtain the information needed to create an account in JSPWiki.
By default, the list of acceptable OPs would be a short list: Gmail, Yahoo!, VeriSign and probably about a half-dozen others. But if the admin wanted, they could configure the system to accept any OP. This would be the "other" OP option you describe in step 3.
As far as registration confirmation goes – that is a separate issue. You can turn on workflows for confirming registrations today, for all registrations. I think this will work the same way in 3.0 – approvals are either on (for every OP) or off.
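As an added illustration of the accepted-OP list idea above (example code, not JSPWiki's own; the endpoint hosts and the required SREG fields are constructed assumptions), this is the kind of check an RP could run on an assertion whose signature has already been verified:

```python
from urllib.parse import urlparse

# Constructed stand-in for the configurable accepted-OP list described
# in the post: (scheme, host) of each OP endpoint the admin trusts.
ACCEPTED_OP_ORIGINS = {
    ("https", "op.example.com"),
    ("https", "idp.example.org"),
}

# Assumed SREG fields the wiki needs before it will create a local account.
REQUIRED_SREG = ("nickname", "email")


def op_origin(endpoint: str):
    """Normalise an OP endpoint URL to (scheme, host) for allow-list lookup."""
    u = urlparse(endpoint)
    if u.scheme not in ("http", "https") or not u.hostname:
        return None
    return (u.scheme.lower(), u.hostname.lower())


def accept_assertion(params: dict, accept_any_op: bool = False):
    """Decide whether a signature-verified positive assertion may create an account.

    params is the openid.* response as a dict of parameter name -> value.
    Returns (accepted, reason). Signature and signed-field checks are assumed
    to have happened before this function is called.
    """
    if params.get("openid.mode") != "id_res":
        return False, "not a positive assertion"
    origin = op_origin(params.get("openid.op_endpoint", ""))
    if origin is None:
        return False, "malformed openid.op_endpoint"
    # The rogue-OP case: an assertion from an unknown OP is refused unless the
    # admin explicitly chose the "accept any OP" option.
    if not accept_any_op and origin not in ACCEPTED_OP_ORIGINS:
        return False, "OP not in accepted list: %s://%s" % origin
    # SREG values arrive as openid.sreg.<field>; refuse without the fields needed.
    missing = [f for f in REQUIRED_SREG if not params.get("openid.sreg." + f)]
    if missing:
        return False, "missing SREG fields: " + ", ".join(missing)
    return True, "accepted from %s://%s" % origin
```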