GGP said hosting, but I think they mean email hosting. Even if you keep your actual registrar account @gmail or anther third-party, it's not recommended to handle your registrar, DNS, and email in the same place, since a compromise of any of them is likely to lead to compromise of the other systems (eg. an attacker gains admin permissions on the website / backend and uses it to reset your email password and download your email inbox)
I'm sorry but I don't understand what you're saying. The sentence was literally "Transfer the domains over to a better more secure registrar." This is about domain names and registrars and it's implying that Gandi is insecure. Your point about putting your eggs in the same basket is a different point.
