one good thing about using an algorithm as old as ECC is that any patents that may exist should be hitting their 20 year lifetime and expiring soon (if they haven't already)
those who remember the RSA patents expiring will remember that there was a lot of use of the algorithms prior to the expiration, so when the magic day finally hit the software was well tested and ready for widespread use. it will take a while for people to get comfortable with the idea of doing that much encryption, so I expect that patents shouldn't be that bad a problem.
at least this time djb is advocating a protocol specification rather than just a specific implementation. that should avoid a lot of the problems that people (including me) have had with his stuff in the past
as for the idea of DNSSEC being safer due to the encryption keys being on another box, people who are interested in doing that sort of thing right will buy hardware encryption accelerators that isolate the key from the system, and almost everyone else will have their keys on the servers so that they can update things easily. so I don't see it as a very significant difference in risk.