Construct does not hold any passwords to any of your cloud services. When you log in Google gives us a ticket which construct holds on to. Whenever construct saves a file it shows the ticket to Google. If Google decides the ticket is valid then the file is saved.
This ticket is only valid for 1 hour, after that we have to ask for a new ticket. When you press the logout button we throw the ticket away.
When we need to get a new ticket we will open the Google sign in page, and wait for it to give us a ticket back. We have no control over the Google sign in page. When you type in your user name and password you are giving it to Google, not to us. We never see your password.
If your browser is already signed into your Google account the sign in page may just return the ticket to us, as you have told Google that you trust C3. Unless you are using your personal computer, with adequate password protection, I would not advise leaving your Google account signed in. Anyone using that browser will be able to view your gmail, drive files, etc. If it's a shared computer then I suggest that you use either a guest or incognito window. These will sign you out of Google once the window is closed.
Finally, on your Google account settings you can "untrust" any applications that you have granted access to your Google account.