That is all very nice but has one fatal flaw, you have to trust Google.
What is to stop a "rogue engineer" from tracking who is using these repos? Or even adding tracking code to the packages themselves?
Then you must consider the lifecycle of the average Google product.