by jrm4 1271 days ago
Explain exactly why her solution was so bad, especially as compared to the others, because I'm not at all convinced that it is.

Sure, it's perhaps dangerous to give Google all that power, but I quite literally would trust this more than any third-party password manager that does any type of off-your-computer storage.

2 comments

OP already mentioned that the UX on mobile was really bad.

A real password manager (like Bitwarden) would be integrated into the mobile OS, and automatically prompt to fill passwords. It also doesn't provide any functionality to generate secure, unique passwords for each site, so it encourages insecure reuse of passwords. Further, it can't notify the user when a password has been compromised and should be changed.

Different people have different threat models, and improving usability of good tools can improve security more than perfect tools would.

If she's signed in to Google Drive on a computer and that text file is synced locally, it can be read by any old process that has just user-level privileges. No elevation or anything tricky required.