You're one of the few whose opinion I would trust on this: how much data would the NSA need to derive TLS encryption keys from encrypted data? I feel like I read once that you could possibly use statistical methods to derive the key if you had enough encrypted source data.
The technique they'd be using to do that would be new to science.
Here it is worth pointing out that Google did something awhile ago to make NSA's job much harder (if their goal is to read everyone's mail): they became aggressive advocates for TLS forward secrecy.
TLS forward secrecy involves the ephemeral Diffie Hellman ciphersuites (which your browser supports). Instead of deriving a session key and using the server's RSA key to convey it, the DHE ciphersuites run the DH protocol to derive a session key between the client and the server, and then use the RSA key to sign the exchange ("breaking the tie" if there was a MITM). The RSA key is never used to convey a session key; if you got all of Google's TLS keys, you would not be able to go back in time and decrypt old sessions that used a DHE ciphersuite.
It is also worth pointing out that some of the hardest people working in security show business, including Adam Langley and Michal Zalewski and Justin Schuh, people with unimpeachable reputations in my field, work for Google on these problems.
Only if you assumed he is fully informed. Do you think Google chief software architect would fall within "need to know", if Google had been ordered to hand over their SSL private keys? I doubt it.