Yes, they're taking all of your logins and passwords, including your Google account, and their back end servers are even occasionally logging in with them.
"Also interestingly, while testing Picasa and/or Youtube integration, Motorola's methods of authenticating actually tripped Google's suspicious activity alarm. Looking up the source IP in ARIN confirmed the connection was coming from Motorola."
That strikes me as curious - given that Google owns Motorola. I wonder if Facebook's "We detected a login into your account from an unrecognised device" thing gets triggered by this (and if not, is that because Motorola are for some reason attempting to log in to Picasa/YouTube with your credentials but not to Facebook, or whether Facebook are "filtering out" notifications from Motorola's ip addresses?).
Only when you are using the motoblur versions of those packages. Setting up a Google Account through the initial setup won't send the info to moto, setting up any account in your stock-homescreen for widgets will send your information to moto.
Not true. The article has been updated to clarify that this model does not use the MotoBlur interface. Apparently the code is still there, and still active.
"Also interestingly, while testing Picasa and/or Youtube integration, Motorola's methods of authenticating actually tripped Google's suspicious activity alarm. Looking up the source IP in ARIN confirmed the connection was coming from Motorola."