Wednesday, April 20, 2011

National federated login; Connect with Facebook, login using Gmail; Vulnerability?


I keep running into web sites with buttons for login or connect with Facebook, Gmail, Amazon etc. This offering really has me worried about how easy it would be to scrape a userID and password for just about any popular site. A genuine "Connect with Facebook" button sends your browser to Facebook's own login page and hands the site back only a token, so the site itself never sees your password. But it would be trivial for a web designer to draw a lookalike button and login form on their own page, collect your userID/password, and then use it against the real service, developer API or not. So before you trust a new federated identity method that Facebook wants everyone to use, consider the website you are entrusting your credentials with, and check that the window asking for your password is actually on the provider's domain. How about you stop by my website and log in using Facebook; when that fails, I'll ask you to try your Gmail, then your Amazon account information, and while you are at it, you might as well give me your SSN and PIN. Think about what you are entrusting, and to whom.
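The difference between a real federated login and the lookalike described above, as an added example that is not code from the original post: the genuine flow only ever builds a URL on the provider's own origin (no password travels through the relying party), while a lookalike form posts the password to the site itself. The provider origin, the `/dialog/oauth` path, every hostname, client_id and redirect_uri below are constructed placeholders, not real values.

```javascript
// Added example, not from the original post. Contrasts a genuine federated
// login (browser redirected to the identity provider) with lookalike forms
// that capture the credentials themselves. All hostnames, paths and
// identifiers are constructed for illustration.

// Assumed provider origin and authorization path (placeholders; a real
// provider's endpoint may differ).
const PROVIDER_ORIGIN = 'https://www.facebook.com';
const AUTHORIZE_PATH = '/dialog/oauth';

// Genuine flow: the relying party only builds a URL on the provider's origin.
// The user types the password on the provider's page; the relying party gets
// back an authorization code at redirect_uri, never the password.
function buildAuthorizeUrl({ clientId, redirectUri, state, scope }) {
  const u = new URL(AUTHORIZE_PATH, PROVIDER_ORIGIN);
  u.searchParams.set('client_id', clientId);
  u.searchParams.set('redirect_uri', redirectUri);
  u.searchParams.set('response_type', 'code');
  u.searchParams.set('state', state); // anti-CSRF nonce, verified on return
  u.searchParams.set('scope', scope);
  return u.toString();
}

// A login attempt as the browser sees it: where the form or redirect goes,
// and which field names travel with it.
function describeRequest(action, fieldNames) {
  const u = new URL(action);
  return { origin: u.origin, hostname: u.hostname, fields: fieldNames };
}

// The check: a federated login is only trustworthy when the page asking for
// the password is on the provider's exact origin AND the request carries no
// password field. Subdomain tricks (www.facebook.com.evil.example) and
// userinfo tricks (https://www.facebook.com@evil.example/) both fail the
// origin comparison because URL parsing yields the attacker's hostname.
function isGenuineFederatedLogin(req, providerOrigin = PROVIDER_ORIGIN) {
  const sameOrigin = req.origin === providerOrigin;
  const carriesPassword = req.fields.some((f) => /pass/i.test(f));
  return sameOrigin && !carriesPassword;
}

// Constructed scenarios: one genuine redirect, three lookalikes.
function scenarios() {
  const authorize = buildAuthorizeUrl({
    clientId: '123456',
    redirectUri: 'https://relying-party.example/oauth/callback',
    state: 'n0nc3',
    scope: 'email',
  });
  const genuine = describeRequest(
    authorize, [...new URL(authorize).searchParams.keys()]);

  // Lookalike 1: the post's scenario, a self-drawn "Connect with Facebook"
  // form posting email/password to the site itself.
  const selfHosted = describeRequest(
    'https://my-website.example/fb-connect', ['email', 'password']);

  // Lookalike 2: provider name used as a subdomain of an attacker host.
  const subdomainTrick = describeRequest(
    'https://www.facebook.com.evil.example/login', ['email', 'password']);

  // Lookalike 3: provider name placed in the userinfo part of the URL.
  const userinfoTrick = describeRequest(
    'https://www.facebook.com@evil.example/login', ['email', 'password']);

  return { genuine, selfHosted, subdomainTrick, userinfoTrick };
}

// Stand-alone demo.
for (const [name, req] of Object.entries(scenarios())) {
  console.log(name, req.hostname, isGenuineFederatedLogin(req) ? 'OK' : 'SUSPECT');
}
```

The origin comparison is deliberately exact (`===` on `URL.origin`) rather than a substring match on "facebook.com", because every lookalike above contains that string somewhere in the URL; only the parsed origin tells them apart.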
