CommunityAPI SSO provides user provisioning, authorization and single signon capabilities against CommunityAPI providers.
OpenID is an excellent solution for cases where you need Single Sign On and you might need it across services operated by different entities. However, it requires the user to know a bit about how the system works and it won't provide authorization. It also operates on a user-by-user basis, while CommuntiyAPI operates on the entire application.
LDAP is a source of authentication and authorization information. It doesn't (by itself) provide single signon. CommunityAPI is, first and foremost, a simple way of implementing single signon. The source of the authentication data could well be an LDAP server in the back end of things.
This plugin communicates with the CommunityAPI provider via HTTP or HTTPS (the latter being as secure as the PHP CURL library makes it). If password proxying is used, WordPress sees but doesn't store the user password.
The size of the plugin allows for a fairly simple security audit of the code, should one feel so inclined. Note, however, that it has not been verified by a third party thus far. You have been warned.
Replay attacks between the consumer and the provider are definitely possible and man-in-the-middle can ruin the day. Wrap the traffic in SSL if this is an issue for you.