If Bob logs into Alice's computer and forgets to log out all she has to do is hit the "sync" button and she can now view everything that's his synced with his account. Previously she would have at most his email, now she has that and more.
I don't want to get too far into specifics because I'm not an expert, but I'm pretty sure there are a number of inaccuracies in this comment.
Notably, synced data would have been visible in myaccount.google.com already, and if he had syncing disabled, I don't think there wouldn't be any data synced with his account to view.
In other words, assuming Alice was nefarious, yes this is still terrible, but I don't think it's just still terrible, not worse terrible.
Edit: I'm rate limited, but to clarify, yes syncing is an account wide setting, hence you need to be authenticated to a specific account to change it. The entire point of syncing is to sync data between browsers on different devices.
> Notably, synced data would have been visible in myaccount.google.com already, and if he had syncing disabled, I don't think there wouldn't be any data synced with his account to view.
That makes no sense at all unless syncing is an account wide setting instead of a browser setting, and it's pretty clear that this is a browser setting. Bob could have syncing enabled on his primary computer, log into gmail on Alice's computer where it then logs him in to her browser but without syncing enabled, and then Alice can later on come in and enable syncing by hitting the blue button.
Frankly it sounds like what Google should have done is created a better security system rather than a better notification system. This solves nothing, creates more problems, and pisses people off at the same time.
It makes perfect sense. If Bob has syncing enabled on his primary computer, Alice could enable syncing to copy the previously synced data to her browser. But she could also view the same data on myaccount.google.com.
To me that seems like a decrease in privacy.