Waxy has some analysis and handwringing up about OAuth and third-party apps accessing Google account info, specifically Gmail.

I took a look, and yeah, I don’t trust you motherfuckers very much. Tripit and Yahoo are the only non-Google services I have granted OAuth inbox access to. I obviously need to nuke Yahoo, but Tripit is essential.

I suppose the answer is to stand up a dedicated travel-oriented gmail address with forwarding. The problem generated there would be two unique uid/pw instances.

Hm. Anyway, yeah. Nerds who use crypto use gmail and grant OAuth access just like normal people. You know who uses crypto and doesn’t do that? Corporations and governments, and not all of them, even.