This is exactly the sort of discussion I want to see in the middle of all the excitement. Let's air out the pieces of the system that are most troublesome, are glossed-over, etc., and ensure there's a solid foundation here to build upon. Hopefully Google will provide good answers for a lot of the concerns he raises.
The following quote is more of a minor note, but it was something I didn't think about until I read it:
While this "permanent memory" was there almost since the beginning of the Internet, it was never before real-time. How could we take back an information from a Wave? Imagine you have misplaced your password to the wave instead of password input box. It will always be visible. OK, I could change my password, but what about unfortunate copy&paste event with a credit card number?
I've played with Wave and the live editing feature has already bitten me a couple times. I haven't found the setting yet, but supposedly you'll be able to toggle that feature, so wavelet edits are only transmitted when you "commit" it.
I really hope Google turns it off by default, or at least gives you an account-wide setting to disable by default and let you enable it selectively.
It's also worth noting that I think this would be enabled/disabled at the client level rather than the protocol level, so alternative clients will certainly offer more control.
The impression I get from this summary is that Google built a really nice web app and then decided to call it a "protocol", but it's actually just a high-level description of their architecture -- you cannot use the "protocol" without creating something functionally identical to their architecture (compare to, say, email and FTP, where you can create a trivial client or a rich one on the same protocol).
The Google Wave client could exist independent of at least the federation part of the Wave Protocol, if Google didn't care about interoperability with 3rd parties.
That said, they're not stupid, of course, so they realized unless they make it open and bake in federation from the beginning they'll never get widespread adoption.
Now if Wave does become popular, Google will be in a pretty good position. They invented the thing so they are experts in it, and have a big head start over everyone else with things like the Spelly and Rosy robots, and likely a more scalable infrastructure than the reference implementation they plan to open source. They'll also have a lot of control over the protocol.
The following quote is more of a minor note, but it was something I didn't think about until I read it:
While this "permanent memory" was there almost since the beginning of the Internet, it was never before real-time. How could we take back an information from a Wave? Imagine you have misplaced your password to the wave instead of password input box. It will always be visible. OK, I could change my password, but what about unfortunate copy&paste event with a credit card number?