I don't see how OAuth could mitigate the problem stated in the article. Once you allow some malucious app to your secret zone, it's done. Your data is now theirs. Doesn't matter if it was OAuth authorisation or you gave them your password (although the second one is probably worse).
Yes, but if they're already downloaded the last decade of your email history... well, I'm not sure how much it helps that you're blocking them from further access. What if they start emailing "helpful" links, invitations, whatever to everyone in your contact list? What if they are rather less strict about how they secure their (your) data, and they're employees spend lunch breaks poking around for public figures who might have interesting histories?
These sharing mistakes are hugely easy to make, and sometimes have unpleasant consequences even with no malice intended on the app company's side.
Someone in our company tried out do.com several months ago, and granted it access to our company directory in Google along the way. We didn't end up using the service; but unfortunately after a while of inactivity they started sending "invitation" emails to not just users on our own domain, but also Google Groups we have set up... some of which include customers of ours who were not at all amused to see that (it appeared) we had exposed their addresses to some random 3rd party without permission.
Apologies all around, of course, but these days it's simply hard to be paranoid enough about this sort of thing. Gmail & Google Apps have tons of useful apps you can add with a few clicks; but what are you actually risking, using them?
