I worry about Persona, for exactly the same reason OpenID chose the design it did: It's a serious mistake to permanently tie email to identity.
It's still possible within the framework of Persona to fix this -- the browser / identity provider needs to support freshly-generated opaque "email addresses" for each new site that needs a login. This prevents tracking and spam problems, but will also require both providers and relying parties to downplay the 'email address' token in the UI, which I fear is far too much to ask.
It doesn't even ask for a password. I don't think it would be too much work to create a Persona service like 33mail.com, which provides your own domain for email and authentication. That way, you would enter "myaddress@domain.33mail.com", the site would send you there for auth, 33mail would reply that you are logged in to your account (if you were, obviously), and that'd be all.
It's still possible within the framework of Persona to fix this -- the browser / identity provider needs to support freshly-generated opaque "email addresses" for each new site that needs a login. This prevents tracking and spam problems, but will also require both providers and relying parties to downplay the 'email address' token in the UI, which I fear is far too much to ask.