Avoid unrestricted access to web accounts
Usually I try to avoid setting up access to web accounts, but doing so right now it seems like “Preferences” ask for all rights available. I believe this is wrong. Applications should ask for specific permissions, and only when there is a identifiable request should it be given the right, if allowed by the external web account.
When preferences asks for all rights available, then it will be very tempting to use Gnome as such for an attack against the external web account.