
Thanks for sharing. I already had it in the back of my mind that this cloud sync thing in Google Authenticator was not very secure. I'm getting rid of it right now.

I do see why Google did it; it's going to be difficult to educate users to always set up 2FA both on a primary and a backup device. Much easier and convenient to automatically sync different devices. But your story makes it obvious that something isn't quite right here.

Authy has solved this though. The cloud sync is opt-in, and encrypted with a password. This makes it immensely more involved to compromise.


Ironically, Authy's cloud sync feature may have been what pressured Google to add cloud sync[1].

And yes, Google could have added an extra encryption password. But users forget/lose passwords, especially if they normally never need them. So I can see why Google didn't go that route.

[1] https://www.reddit.com/r/2fa/comments/pmow4k/switching_from_...
