Well, of course. One could ask "What did he think was going to happen when he installed a 3rd party mail reader?"
Thing is, encrypted mail and trusted clients means you could store your email at supersketchy.ru and it wouldn't matter. It's the way to make those kinds of choices safe, Or, rether, just having permissions doesn't security is adequate.
3. Click "Deny" when the app explicitly has Google's OAuth flow ask if you want to give it permission to read, create, and delete all of your email.