I noticed (weeks ago) that when I tried to register name 'bluewidget' that a message would be returned "'redwidget' is not available, try 'bluewidget2004'".

This seems to fit the intent of this article but I would hardly call it a high level security risk.

At this point in the process I did not actually have a gmail account and had provided little or no information about myself (G knew that I had another email address, the one I was invited on, and that my name was supposedly xyz).

Sounds very dramatic though (and the vagueness of this article allows the imagination to play with this).

Yes, it's true

A remote user may be able to determine information about another user

but as I saw it, the sum of that information was ... that another person on the planet had the desire to register a google email address of 'redwidget' :)

A remote user with a valid GMail invitation can determine information about another user ....
including the target user's first and last name

This isn't really a big deal other than embarassing for Google. I am willing to bet it will be fixed within hours.

The article was posted 5-Jul and I suspect it was probably fixed prior to the posting.

It is still a beta product.