There is definitely not much value here for risk involved (handing out your credentials to a 3rd party). Although interesting, the hack seems pretty straight forward. I wonder if they had to do something more complex for 2-face authentication enabled accounts (gmail) or that is not supported?