GMail API Follow Up

When I first wrote about Google's new Gmail API, I really only focused on
its applications to write better email clients, but I didn't really touch on how
it would apply to other sets of applications. A developer could make any number
of applications that did things like sent emails on your behalf, checked for
flight and hotel confimations (a la Google Now), or found emails in your account
to which you had not yet replied. At the moment, email is probably the best glue
we will get for all the imperfect systems that we use together. It would be
better if everyone had their own API for users to access their information, but
that is both a hard sell to management and is a large amount of effort to
maintain. IMAP, and now the GMail API, to access emails from services we use are
probably the best we are going to get.

The main question I have at the moment about the API is that of security and
granularity of data permssions. Recently, Ben Brooks of the Brooks
wrote a piece commenting on the announcement
wherein he responds to a comment about the API being more secure than IMAP:

I find this statement really odd. The phrasing starts off to make it sound as
though you have fine grain controls over what someone can access over the API.
I picture something like: “Only emails with Confirmation in the subject line.”
That actually would be pretty great.

And then you read the rest of the sentence and it sounds more like the API
privacy controls will be more like: “Send only, Scan only, Send & Scan.” Which
is really nothing to brag about.

All of that leads me to: how is this less of a concern than IMAP?

Brooks is absolutely correct here. If the permissions are as granular as, say,
Android's, then this will allow users to have applications interface with their
email in a way that is more secure than what is offered through IMAP, which
would be a definite value add for the API. It is very hard to sell a new,
proprietary standard if it does not improve on the widely available open
standard. On the other hand, people using GMail might not be the most security
aware people. I, for one, would appreciate more granular permissions.