Re: Call me paranoid..
Two reasons:
1) If everyone gets worried about online security, and stops using the Internet, or even just reduces their use, that would be bad for Google - less people online means less revenue. So Google tries to improve online security. And part of doing that is finding what we're currently doing wrong so it can be fixed. So Google looks for security vulnerabilities and lets the vendor know so they can fix them, then announces the vulnerability publicly so that other people can learn from it.
2) If Google was hacked, that would be very bad PR for Google, and might lead to people switching to other providers. So investigating the security of the hardware and software that Google uses is good for Google, because it can fix or replace it before it gets hacked.
A rare case of "doing the right thing because it's good for the bottom line".
Biting the hand that feeds IT
