Well, it leans on the fact that it is more likely that Google has good security and that your web app will probably never reach that kind of security.
It also works the other way around, someones Webapp gets hacked (which is far more likely) and the same password is used for google, you get the same end result, but then it is YOUR fault, and not google's.
Isn't this typically the case anyways? A hacker with access to your email account can just use the password reset mechanism to get a sign-in link to your other web sites.