I only started reading into the Retool case because there was the claim above that sounded serious and scary:
> Google Authenticator started syncing secrets to the cloud[0] which means that those secrets can now be accessed in new ways outside of the user's control[1], which resulted in a huge breach at a startup called Retool[2].
I don't think anyone would seriously claim that, but I think it's fair to call it an unfortunate additional hole in the swiss cheese.