Why is this an issue? This security check doesn't require Google to know any plaintext passwords, hash checking works just as well here. A fair amount of places keep historic password records to prevent password reuse if they have password expiration.