> By default, Google Authenticator syncs all one-time codes with a Gmail user’s account, meaning if someone gains access to your Google account, they can then access all of the one-time codes handed out by your Google Authenticator app.

When business guys are involved in a security app. Many of us can easily imagine the "user story" that caused this.