I don't think it results in a real net loss here. Somebody has to make the identity decision. In a distributed system like OTR each individual person makes their own decisions and those who make poor decisions can suffer for it (but because of the perfect forward secrecy their conversation partners shouldn't suffer unless they've made _other_ bad decisions).
In the centralised systems we all pay for the poor decisions of a handful (well, now a very large handful) of central authorities like the SSL CAs.
I think fingerprint based key management has the exact same potential for ordinary people who are not very interested in security to screw up. Most people I've ever asked to sign my GnuPG key have been willing to do so by email without ever confirming that they're dealing with me, not even making a phone call. I routinely receive emails with encrypted attachments, followed by emails with the password to decrypt them for exactly the same reason.
Where identity is most solid (e.g. close friends, conspirators, family members) the potential for strong secrets is actually pretty good. I think if you asked my (now deceased) father to try to use this to verify he was talking to me he'd write "What's the family password?" and I'd sigh and roll my eyes but any bad guy who wasn't a close family member would be screwed, because although it's a very silly password there's no way it's on record anywhere, nor is it low entropy enough to attempt a brute force (this password was intended to authenticate any non-family adults who had been deputised to collect us from primary school in an emergency).