
Edit: see reply below, I think I misunderstood the parent post.

> If you use 'Login with X' you're giving X access to all your accounts.

That's definitely not correct. You are giving X access to only whatever scopes you allowed, on a single account.

Here's an example of just 'userinfo'. Click this and see what it asks for: https://accounts.google.com/AccountChooser?service=lso&conti...

Per the screen, it only allows:

" - View your full name, profile picture and profile URL"

" - View any publicly available information on your Google+ profile (if you have one or create one in the future)"

It can't see your photos, see your contacts, read your email, post G+ messages, or anything else you didn't authorise.

I think you are misunderstanding what he is saying. If you use Google to prove your identity to every website you use, you are giving Google access to all of those websites.


Yeah you're right, see my other reply.


I believe the intended meaning was that if you log in at randomsite with Google, Google has access to your randomsite account, as opposed to randomsite having access to your Google account.


Thanks. Actually, now that I've re-read what he wrote, although it wasn't obvious, he did convey that.

So, in other words:

- RandomWebApp lets users log in with Google.

- A RandomWebApp user has a Google account, and allows RandomWebApp to OAuth against his Google account.

- Since Google issues the access token used for RandomWebApp, Google could conceivably access RandomWebApp on the user's behalf.

That's a legitimate concern.


It's a legitimate concern, but there's no way around it with third-party authentication. You always need to trust your identity provider, don't you?

I don't see how separating identification and authorization conceptually helps. You have to trust your identification provider in any kind of federated or multi-party system (i.e., a system where you can log into your Google account and get access to another system, whether using OpenID 1.0, 2.0, OAuth, whatever).
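The flow laid out in the bullet list above (Google mints the token RandomWebApp accepts) and the "you always need to trust your identity provider" point can be made concrete with a small relying-party check. This is an added example, not code from any commenter or from Google; the issuer URL, client id, key bytes and nonce are constructed, and an HMAC key held by the IdP stands in for the RS256 private key a real OIDC provider would use.

```python
import base64, hashlib, hmac, json
from typing import Optional

# Constructed values for the example. With RS256 the RP would hold only the
# IdP's public key; here (assumption/simplification) one HMAC key plays both roles.
IDP_SIGNING_KEY = b"idp-private-signing-key-constructed"
IDP_VERIFY_KEY = IDP_SIGNING_KEY
IDP_ISSUER = "https://idp.example"        # stands in for Google
RP_CLIENT_ID = "randomwebapp-client-id"   # stands in for RandomWebApp

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def idp_issue_token(key: bytes, subject: str, audience: str, nonce: str, now: int) -> str:
    """Mint an ID token: only the holder of the IdP key can produce a valid one."""
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "nonce": nonce, "iat": now, "exp": now + 300}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def rp_validate_token(token: str, expected_nonce: str, now: int) -> Optional[dict]:
    """RandomWebApp's checks: signature, issuer, audience, expiry, per-login nonce."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(IDP_VERIFY_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return None                               # not signed by the trusted IdP
    claims = json.loads(_unb64(body))
    if claims.get("iss") != IDP_ISSUER:           # wrong issuer
        return None
    if claims.get("aud") != RP_CLIENT_ID:         # minted for some other relying party
        return None
    if claims.get("exp", 0) <= now:               # expired
        return None
    if claims.get("nonce") != expected_nonce:     # replayed or not from this login
        return None
    return claims

def demo(now: int = 1_700_000_000) -> dict:
    nonce = "login-attempt-42"   # RP generates this per login and keeps it in the session
    user = rp_validate_token(idp_issue_token(IDP_SIGNING_KEY, "user-1", RP_CLIENT_ID, nonce, now), nonce, now)
    forged = rp_validate_token(idp_issue_token(b"guessed-key", "user-1", RP_CLIENT_ID, nonce, now), nonce, now)
    other = rp_validate_token(idp_issue_token(IDP_SIGNING_KEY, "user-1", "other-app", nonce, now), nonce, now)
    # Nothing in these checks can tell a token the user asked for from one the IdP
    # chose to mint itself: that residual trust in the IdP is structural, as the thread says.
    return {"user_login": user is not None, "forged": forged is not None, "wrong_audience": other is not None}
```

The checks reject a forgery by anyone without the IdP key and a token minted for a different site, which is what scopes and audience restrictions buy you; they do not, and cannot, constrain the issuer itself.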


Having Google impersonate me is not what I fear; it is so obviously evil.

Having Google hurt me is what I fear.

Google's use of its identity service is not on an equal footing with RandomWebApp's. Having a Google+ identity means accepting its TOS for a specific list of services provided by Google[1].

Violating the TOS (e.g., by misusing, even accidentally, one of Google's services (think DMCA and ContentID mis-tagging fair-use material, or even by not providing the name that the US has registered for you)) means losing your identity. That has definitely happened to at least a dozen people I know.

Additionally, Google enforces identity in the context of a company based in the US. Whatever obligations it has in front of its government, and whatever weaknesses the government finds, will allow misusing your identity, even when Google itself isn't being evil.

[1] Excerpt from the TOS:

> Our Services are very diverse, so sometimes additional terms or product requirements (including age requirements) may apply. Additional terms will be available with the relevant Services, and those additional terms become part of your agreement with us if you use those Services.

https://www.google.fr/intl/en/policies/terms/regional.html


If you can reset your password with access to your gmail account, then Google can already do this, yes?


That's not a very quiet way of doing it, though. Even if they hid the reset email from me, I'd be locked out of my account, which could raise suspicions.

