The problem with openID is that it's meant to group many different logins together. So if I use 3 different email addresses to log in to multiple sites, which email would RoundCube know to use? And also, I don't think the API really sends the email address, I think it just sends the userID (haven't looked into it in a while).
Not saying it's a bad idea; however, I personally feel that openID is less-secure than using your email and password. Why? Because with the email the user needs to know both pieces of information. With openID a user can get your info from one website that is a forum or blog, and then go into your email account via RoundCube (or some other webmail service) and send emails as you. Is that something you'd really want? Plus, if you change your password on the IMAP server, it doesn't change it with OpenID which is a problem since now you're bypassing the IMAP login function and you'd have to change your password with roundcube (which currently doesn't store passwords because it's a security risk).