The issue here is the economic importance of something as the Google Account.
I personally suspected from day 1 that this was the target: partly because they reveled that some dissident's gmail accounts were hacked.
Well, in G's world, if you can access Gmail, you can access everything else too (because of SSO/Gaia)
SSO is OK, everyone else does it (M$, Yahoo, FB...) the problem is that a lot of G's services are actually economically important (adword, adsense, webmaster tools, analytics, docs)
this is the hardest thing for the cloud: protect the login.
However, I think G can pull it off, they have enough talent at hand for this.
Some suggestions: the login protection should be behaviorally based: take into account source, tool used for login, action once in the account, etc...