Why the downvote? This is extremely relevant. There is no 100% security, there is no reason to store sensitive information (even "encrypted").
Had this been a session token the problem would have been less severe (session tokens won't be reused on the user's Gmail account for instance), easier to detect, and easier to mitigate once discovered.
Had this been a session token the problem would have been less severe (session tokens won't be reused on the user's Gmail account for instance), easier to detect, and easier to mitigate once discovered.