I do have to say this was not intended personally. I listen to the StackOverflow podcast religiously, and I very much enjoy his work on that.
Sure. I'm an avid reader of Coding Horror as well, partly because the guy is an skilled blogger, and partly because he usually talks about something interesting, but I thought some of the issues you point can be explained by certain Jeff's posts. That said, Stack Overflow is not only him, so that would explain the extreme contrast between things he said and how things were implemented in the site.
While I do understand the point he makes with regard to storing user credentials, you cannot tell me there are not solid and well proven frameworks in just about every language under the sun for storing user credentials securely. Where people become unstuck is when they decide to roll their own and inevitably screw it up. Lazyness.
Well, it also lines up nicely with his disdain for having several user credentials in the web. While it's the first site I have encountered to require OpenID, at least they have several providers to choose from. I'm not exactly sure about that wrong direction you say OpenID is going, but while the idea is certainly nice, the execution is weird to say the least, and I don't think that most users really care about the whole thing. Even now, that everyone and their dog is jumping on board, including (gasp!) Microsoft, it's becoming more irrelevant each passing day due to various reasons (browsers and passwords managers doing a "good" job storing different credentials, the vast majority of users not having that many passwords and logins to remember, etc.)
Spectacular lazyness, and cheapness. He's also having us sign up to yet another service, which is rather irresponsible/hypocritical given his standing on storing user credentials...
Perhaps they reached the conclusion that many people would already have a Gravatar account (giving how essential is for blogs and the like), who knows.
I'm not sure I followed this one correctly, but it sounds like he's saying BBCode is the only sane alternative to letting your users put html in their posts. That is most definately correct, but it does not explain, nor justify, his development of a completely new syntax for his BBCode. One that makes substantially less sense than the kind we're all familiar with, I might add.
Yup. I googled a bit about Markdown, which is another light markup language as BBCode as you may know, and it seems it does not offer
XSS protection. Why they choose Markdown over BBCode? Dunno.
Not sure of your point here Lash Man. CAPTCHAs are fine, but not when you have to fill one out for your first 10 comments and votes. Just silly. If they're having such massive SPAM problems, get more moderators on board.
Ooops, sorry about that, looks like I mixed thoughts. Then it's also probably done to avoid sock puppetry, and avoid giving yourself some extra points. That said, it's not that CAPTCHAs would be such an effective dissuasive method.