Re: Infrastructure
The specifications are open, so if you're curious you can check up on them.
As for being used as a super-cookie, well, I suppose if you login using (eg) Google, and use that authentication to log in to a bunch of other sites, then Google may well be able to track which sites you've logged into. The solution to this is of course, not to login using Google.
So in general, it looks like the end user gets to decide who gets their login data.
