Consider the recent passwords leak from Adobe: they stored passwords in a dedicated unshared datacenter. Does this make a good security decision to encrypt passwords instead of using a hash because nobody should have been able to access these encrypted passwords? I really don't think so.
1. Data at rest (Adobe) vs data in travel (Google).
2. Software Hack vs Hardware hack
The Adobe data was sitting on a server in a datacenter, it was accessible from the internet on some level. The Google data was taken, apparently, from a dedicated, google owned, unshared link (quite likely a fibre-optic tap)
The methodologies, skill levels and required hardware for the penetrating the above two types of setup are wildly different.
I blame adobe for getting a server hacked, it happens a lot and and they ignored a lot of body of knowledge built up over the years. I do not blame Google for getting their inter-datacentre links physically compromised by a security agency of the US government.
Nor do I blame them for (incorrectly, as it turns out) deeming that an unlikely scenario and therefore giving it low priority.
I would blame them for not doing anything about it now that
they know it is happening but that does not seem to be the case.
(I fully expect companies to encrypt data between datacentres if they are not on dedicated unshared links)
I hear what you are saying but I think there are similarities. In both cases there was an assumption "X is safe" and then the thinking have stopped. I've heard different version of how the data was taken from the google's link and some ideas were pretty low-tech. The data links have been compromised in the past not only by NSA (search for "Operation Ivy Bells" if you haven't heard this story before) but also by criminals or even competitors.
