Stop ! If you're on an untrusted machine, this is untrusted, too. It should be pretty easy to install alternative certificates, MITM this page, and serve you a bad QR code that will give access to your account to a someone else.
They might not be able to change your password (if you have 2-factor auth), but they could read/forward all your mail, delete documents, etc.
This isn't enough to work on untrusted computers on untrusted networks (but it's still damn useful for fast-login).
You're then reading the QR code on what is assumed to be a trusted device on a trusted network (your mobile phone). The QR code would have to link to a bogus website mascarding as google in order to intercept your username & password. It requires a degree of vigilance on the part of the user at this point to ensure that the login page is genuinely google, but anyone using this auth mechanism must be reasonable security conscious to start with.
By your assertion, the only solution is to not use untrusted computers / networks at all. In the event that you have to this is one way to do so more securely.
This is not what he's talking about. Someone could open the sesame page on another computer, and use MITM to serve that code to you. Then, you're giving someone else access instead of yourself when you log in on your phone.
If you're this distrustful, don't use the computer. This entry only seems to prevent keylogging attacks.
They might not be able to change your password (if you have 2-factor auth), but they could read/forward all your mail, delete documents, etc.
This isn't enough to work on untrusted computers on untrusted networks (but it's still damn useful for fast-login).