It is definitely possible for them to access your google password when you do a local setup. This would require intentionally getting the configuration from a device they do not manage. Possible. I don't know how likely it is and I've seen no evidence in wireshark of this behaviour.
I have seen a raw device (fresh from the box or after a factory defaults reset) check for provisioning information.
For a raw device to provision they must store your google password when you use OBiTalk to do a setup. Then when the raw device comes up and checks for provisioning, it will get the information needed, including your password, and be running again the way it was previously configured.
You can configure in OBiTalk a device that is not currently online. It may not come online for days or weeks or longer. The password is stored so that when it does come online the password and all other config can be sent to the device.