"However, one form of phishing, known as “man in the middle” (MITM), is hard to detect when an embedded browser framework (e.g., Chromium Embedded Framework - CEF) or another automation platform is being used for authentication. MITM intercepts the communications between a user and Google in real-time to gather the user’s credentials (including the second factor in some cases) and sign in."
In other words, the OAuth sign in is intended for applications which want to access the Google APIs in some way.
qutebrowser (as an application) doesn't need access to your Google Account in any way. It doesn't care about your Google authentication data, and it doesn't use Google APIs.