> Even when the system is fully supported without fallbacks,
  > hacking person's email account will grant the attacker
  > ability to log into all websites as the victim?

With or without Persona/BrowserID, your email account(s) is the key for logging into a whole bunch of other Web services, since it is already used for resetting passwords and such. Persona/BrowserID does not solve this problem.

The big picture is that it makes distributed identity easy for the average user to grok.