I noticed this a while ago. Google is being "evil" here in the sense that it doesn't want to use Apple's security tools (keychain access) and wants to use its own authentication methods. The correct (apple-canon) behavior is to ask for the password every time a user wants to access her keychain (until the end of the session). This doesn't suit google which has its own security paradigm of sign-in-once-access-until-signout. This is why it creates a copy of your passwords to do whatever it pleases with..