by celticjames 5238 days ago
FTA: "If one’s hacked or the list of tokens leaked, everyone who ever used that service risks exposing his complete Gmail archive."

Is that even true? The advantage of OAuth over the "password anti-pattern" is that you can grant limited rights. i.e. sharing my address book with Facebook. That's personal information, but it's not my entire email archive.

I believe this list is the scope of possible OAuth permissions: http://code.google.com/apis/gdata/faq.html#AuthScopes

It looks like granting access to the Gmail Atom feed allows access to new Inbox emails (but not the entire email body, I think.) But if you haven't granted that permission, your emails should be safe. (I think. Any expert opinions?)

1 comments

The Gmail OAuth system pretty much grants developers unfettered access to your inbox. I built a service called Syphir on top of it that literally examined every email you receive, checked the subject/sender/body against some customer filters, and then acted on the email (starred, deleted, marked as read, delayed, pushed to your phone, etc). Google profiled our mobile app when they launched this service: http://googlecode.blogspot.com/2010/03/oauth-access-to-imaps...

There are two reasons they built this system: (1) So apps won't have to ask for your Google password. This password would give them access to much more than just Gmail. And if you wanted to revoke their access, you'd have to change your password, whereas with OAuth you can just flip a switch in your Google settings. (2) So apps won't have to do hacky stuff with curl to interact with Gmail. It's much easier to use an official API.

That said, if it's possible for an application to read/act on your email, it's possible for them to store your email. And if it's possible for them to store your email, it's possible for a hacker to hack it. So if you're going to use something based on Gmail OAuth, make sure you trust them and that they aren't actually storing your data.
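
As an added example (not part of either comment above), one way to tell the narrow grants the first comment describes from the full-mailbox grant the reply describes is to audit stored grants by exact scope match. The scope URLs are the legacy Google data API ones; the app names, grant records and function names are constructed for illustration.

```python
# Added example: classify third-party OAuth grants by how much of a Gmail
# account they expose. Grant records below are constructed sample data.

def _norm(scope):
    # Compare whole scopes, ignoring only surrounding space and a trailing slash.
    return scope.strip().rstrip("/")

# Exact-match table. A prefix match would be wrong here: the Atom feed scope
# starts with the full-mailbox scope but grants far less.
KNOWN = {
    _norm("https://mail.google.com/"): "full-mailbox",                # IMAP/SMTP
    _norm("https://mail.google.com/mail/feed/atom"): "inbox-feed",    # Atom feed
    _norm("https://www.google.com/m8/feeds/"): "contacts",            # address book
}

def classify_scope(scope):
    # Anything not in the table is flagged for review, never assumed safe.
    return KNOWN.get(_norm(scope), "unreviewed")

def exposure(scope_string):
    """Labels for a space-delimited scope string as stored with a token."""
    return sorted({classify_scope(s) for s in scope_string.split()})

def apps_holding_full_mailbox(grants):
    """Apps whose token leak or server compromise would expose the whole mailbox."""
    return [g["app"] for g in grants if "full-mailbox" in exposure(g["scope"])]

GRANTS = [  # constructed
    {"app": "mail-filter-service", "scope": "https://mail.google.com/"},
    {"app": "new-mail-notifier", "scope": "https://mail.google.com/mail/feed/atom"},
    {"app": "social-contact-import", "scope": "https://www.google.com/m8/feeds/"},
    {"app": "combo-app",
     "scope": "https://www.google.com/m8/feeds/ https://mail.google.com/"},
]

if __name__ == "__main__":
    for g in GRANTS:
        print(f'{g["app"]:24} {exposure(g["scope"])}')
    print("revoke or review first:", apps_holding_full_mailbox(GRANTS))
```
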