To really consider the ramifications of this, you will need to consider the adoption and spread of such technology before determining how much it will increase or decrease vulnerability. Right now, what it does, is send an E-mail message to the registered E-mail address of the account, (or in many cases, the E-mail address is the account name... which is another interesting issue altogether...) and the user then uses the one-time authentication link to gain access to the resource.
Some issues that I can see:
People will use the same E-mail address for their authentication.
Right now, it seems convenient. It's simple, understandable, easy, and might reduce your password load. However, how often are people going to go create ANOTHER E-mail address? Almost never.
Widespread adoption shifts responsibility
This is something obscene really, in my opinion. So you send a message to an E-mail account that cannot use E-mail based authentication (or if it does, it has to terminate somewhere where there is an alternate form of authentication), and force the E-mail provider to carry the burden of authenticating your users for you. Brilliant. Let's just make THEM (competitors) carry the hashed and salted password databases and use their databases for authenticating our users. Don't you STILL need a password to access the resource? Yes. It's gotta end somewhere.
I don't like it. At all.
It's going to be less secure as it gains adoption because it focuses the point of failure. It may even be less secure now, because you have all of your eggs in one basket, and don't even have the benefit of compartmentalized damage. Not good.