...
With OpenID, your password is only given to your identity provider, in this case the WSO2 Identity Server, and that provider then confirms your identity to the websites you visit. Other than your providerthe Identity Server, no website ever sees your password, so you don’t do not need to worry about an unscrupulous or insecure website compromising your identity.