Logging in with, say, Twitter account is less secure in aspect Twitter knows what sites you log in, but more secure in aspect the sites can't spam you unless you allow them to do so.
By convention it's a usable email address, but there is literally nothing preventing someone from starting up an email-less Persona identity provider. You'd still log in with your_username@noemailpersona.com, but that's just a formality that doesn't need to be hooked up to an actual mail server at any point.
Never using that account to actually communicate would put it on par with any other auth system you can come up with. Disposable when you want to dispose of it, and no need to ever dispose of it unless you want to. The whole issue with some people changing their email addresses for spam-fighting / inbox-cleaning purposes is a non-issue with this kind of an account.
Now, consider I want to try some service I don't trust. I sign in with a email-looking identifier (which doesn't work as email address) and use the site for some time. Eventually, I become fond of this service and want it to start contacting me. With 123done.org I can't do this, nor at the mineshafter.info, nor at crossword.thetimes.co.uk. Trovebox looks broken to me, so can't tell it works, and I was lucky with voo.st, as it allowed me to add more accounts. Don't know more sites using Persona. Considering, today when you register with only Facebook or Google account relatively many sites don't let you change that binding in the future, it's very likely the situation with Persona will be the same.
Though honestly I suspect browserid would encourage this anyway, since people are likely to use their primary email address, and they are likely to change to a different address in the future. If sites want to keep people through such a change, they'll want to allow changing it (since I doubt I'm alone in resenting sites that require me to maintain an address I don't use. resentment isn't good for retention).
I run my email addresses on my own (physically-owned) servers. I know various approaches to filtering spam, and the best one in my experience is to not have a littered inbox is to have a private non-dictionary per-service email address and not expose it anywhere else.
The only mandatory third party between me and the Internet is domain registrar, I lease my domain name from. Not trustworthy, but this is the best one could have while all authentication systems are tightly coupled with DNS.
