by iki23 5476 days ago
Disagree strongly. Anyone savvy enough ... has probably no password in his/her Gmail at all. Btw, domain reg info can be searched anyway.

Also, if you've got a strong and unique password, and do not log in from untrusted devices that may be keylogged, you're quite safe already.

2 comments

There's also the case of resetting your password for various other services. If someone can get access to your email account, it might not matter whether your actual webhost or domain registrar password is in your Gmail. The bad guy can force a new password or password-reset link to be sent to your email account, then intercept and use that link.

I already use a strong/unique password for Gmail, and I do my best not to log in from untrusted devices, but adding two-factor authentication reduces the potential attack surface that much more.

For online accounts (including email), you're much more likely to get phished than have someone brute-force your password. While keylogging malware is an issue, it's generally less prevalent than successful phishing attacks. There's also the threat of compromised password databases from unrelated web sites (see http://twitter.com/lulzsec) being leaked, and if you share the same credentials, that can affect your email account as well.

2-factor auth gives you a considerable security advantage over "a strong and unique password" and not logging in from untrusted devices - I'd recommend you try it.

(I work at Facebook, and we offer a similar thing called "login approvals" - go to "security" under https://www.facebook.com/editaccount.php to turn it on).