What are the differences between the PHP implementation of Janrain's PHP OpenID library and the LightOpenID.

Is one more secure than the other?

According to Google's best practices page:

A correct OpenID implementation has to:

1. cover checking of cryptographic signatures

2. checking of nonces

3. Yadis discovery

I'm guessing the Janrain's library does fulfill all these requirements as Google recommends the library, but is the LightOpenID fulfilling 1 & 2.

LightOpenID uses the stateless version of the protocol, making it a lot simpler than the Janrain's library.

The stateless version delegates validation (anything related to cryptography, nonces, etc.) to the provider, so LightOpenID doesn't check that by itself. It does, however, follow the spec in that matter, so it isn't a security issue.