I'm not naive enough to think that Google is looking out for the little guy in the privacy arena, but I assume this isn't the default (opt-out) behavior. Anyone have an authoritative link on this topic?
No, they don't give any permissions with OpenID. This page lists both OpenID and OAuth-using services. For an example of a service that uses OAuth, try LaTeX Lab (http://docs.latexlab.org/), which uses OAuth to get access to your Google Docs.
I'm trying to get some attention from Google about this (potential) privacy issue. How can I be sure that "google.com" is my own Google account? Why does the authorization get automatically renewed after I revoke it, and without my consent? Why does a Google service require an additional authorization to access my account, and why doesn't Google provide any information about it? Worse, I have no way to confirm that it isn't someone else's account that have full access to my data. If it's the case, someone may have read my private calendars for months, and the only way to stop this would be to delete my whole Google accounts and the 80+ services associated with it.