Your comparison of VEP to OpenID seems a bit off. Without outside knowledge, all an OpenID authentication handshake tells a site is that the user of a particular browser session owns a given URL, which is pretty much the same as VEP.
While you can transfer other user details with OpenID, those details are just self asserted. There is nothing in the protocol that allows the relying party to know whether to trust those values, so by default the values are no more trust worthy than if the user had typed them directly on the relying party site.
The only way people are currently adding trust to this model is if there is a trust relationship between a relying party and particular OpenID providers. For example, if you know that Google will never return an email address that it has not validated, then you may implicitly trust values from identities controlled by Google.
If BrowserID expands to handle additional user information, then it will have to deal with this too. They might have an easier time though, since they're already dealing with trusted third party assertions for the primary identifier.