"Manage my email" is vague, and while it's entirely the OP's fault, it is also a relatively easy mistake to make. I could easily see myself making this same mistake, and it could have permanent consequences.
At some point, you have to either trust users to bother to read what you put in front of them and think about the ramificaitons, or you have to assume they don't and categorically disallow that functionality. And I, for one, am not in favor of categorically denying API access to Gmail.
Why would anyone approve an app that could "permanently delete your mail in Gmail"? I wouldn't.
The bottom line: yes, you really do need to read those pesky dialogs.
I'd also feel a bit annoyed if a Twitter client I was using was unable to delete tweets, and I had to go back to the Twitter website to do that.
The thing about making APIs to let other people interface with your product is that you have to expose all the functionality of that product, or there's not really any point.
There are some fair comments in this thread saying that the "manage" permission is significant enough that it should be flagged a bit (or a lot) more strongly than the common "identify" permission, but personally I don't think the point of the API is something that needs questioning.
That seems to be just what OP expected - he says "I exported my recent e-mail history to Fleep, a collaboration platform used by a new client, and let their software synchronize future e-mails".
So why, based on this, would he feel good about granting permission for something to delete his email? (even ignoring possible confusion over the meaning of "manage"). Delete != read-only.
His first thought should have been "is this too much access"? A quick Google search would have led him to https://developers.google.com/identity/protocols/googlescope..., where he could have seen that indeed there is a read-only scope for access to gmail (https://www.googleapis.com/auth/gmail.readonly).
Obvious conclusions he should have drawn - either:
1) Fleep is poorly or maliciously written, and requires overly dangerous OAuth scopes
2) His understanding of Fleep is wrong, and Fleep intends to do more than just read his emails
I don't know which is true, but he should have investigated before hitting the Internets with his tail of woe.
But at the end of the day, everything worked as it should, and we can probably assume that Fleep does what it says - its simply that he rushed past a warning dialogue.