No need to say thanks... you're helping others with this plugin :)
I see now what the issue is and it might go a bit further than just merging or not accounts. I think the issue actually is "How to determine for 2 different accounts if they share the same human being?" :) IMO, and also taking a look at how stackoverflow handles this, there is only one approach: the email address. I think there are only 2 cases in which a user could link 2 accounts:
1. A user registers with a facebook provider and facebook returns firstname.lastname@example.org. So you add that email address for the user. The user logs out. Then the human being tries to register using twitter. If the email twitter returns is also email@example.com there is no need to ask/warn for a merge because, on one hand, there is no merge as no 2 accounts exist yet and, on the other hand, because the 2 emails are the same and are validated so it is indeed the same human being sitting in front of the computer
2. A user registers with facebook provider using firstname.lastname@example.org. Being logged in, the user finds an option in their profile that would allow them to link their account to another email address. So the user clicks on that link, is requested a set of providers to link with and then the user executes this process. The user should be able to choose which would be the primary email address for Q2A (that would be the one that would allow the user to login with their email address on the site... right now Q2A does not support multiple email addresses)
Regarding unconfirmed emails, I personally, wouldn't allow users to post anything if they haven't confirmed their emails. Probably the plugin should have an option to allow linking/registering accounts with unconfirmed emails. If the provider returns the email address everything is fine. If the provider doesn't return the email address (I didn't know some didn't... which ones are them? AFAIK, lightopenid allows you to force this... not sure about how twitter handles this) and the admin allowed unconfirmed emails, taking Stackoveflow's approach the user would be able to use the site normally.
Now, to continue with unconfirmed emails, consider the following situation. User A said they owned email email@example.com. User B is the real owner of that email address. User B tries to register using that email address. Currently, Q2A will not allow this to happen (I don't like this but that's the way the core works). You should take that into account and handle this situation according to the core rules whenever a user tries to register with an existent account.
So you can avoid merging accounts for unconfirmed emails. Now in the case a user registers with 2 different email addresses per provider then the user is asking for it: 2 different users have to be created. Try that on stackoverflow. It is exactly the same situation as registering twice with different emails: 2 different accounts will have to be created. An awkward situation might happen though. You have these 2 accounts registered and in one of them you go to your profile page and then you request to link your account to the same email address on your other account. This would be the closest thing to a merge situation because it is OK for those 2 accounts to exist but the linking can't be done without removing the other account. Having said that, stackoverflow's approach is to not allow this linking and asking the user to logout their current account and login as the other one or just cancel the operation. I absolutely agree with this. Removing or merging users is, IMO, a no go and will bring a lot of trouble, questions and doubts to users.
Hopefully this has clarified how I think this plugin should behave. Anyway, if I were you I'd have a list of all possible situations to handle considering different core settings such as unconfirmed emails or login only allowed by email. Probably decision tables would help you with that http://en.wikipedia.org/wiki/Decision_table
. Keep it up :)