I noticed (weeks ago) that when I tried to register name 'bluewidget' that a message would be returned "'redwidget' is not available, try 'bluewidget2004'".
This seems to fit the intent of this article but I would hardly call it a high level security risk.
At this point in the process I did not actually have a gmail account and had provided little or no information about myself (G knew that I had another email address, the one I was invited on, and that my name was supposedly xyz).
Sounds very dramatic though (and the vagueness of this article allows the imagination to play with this).
Yes, it's true
A remote user may be able to determine information about another user
but as I saw it, the sum of that information was ... that another person on the planet had the desire to register a google email address of 'redwidget' :)