~~It's still passing credentials for the entire account, rather than something explicity scoped to "just update these A records, and these A records only".~~
~~Also as the parent noted, Google have the last few years been very aggressive about "unsafe login" (using usr+pass outside of Google) and this might disappear.~~
Edit: Never mind, buried in the docs it appears the user:pass are scoped.
~~Also as the parent noted, Google have the last few years been very aggressive about "unsafe login" (using usr+pass outside of Google) and this might disappear.~~
Edit: Never mind, buried in the docs it appears the user:pass are scoped.