The Google Authenticator feature recently added to allow cross device synchronization of 2FA secrets was analyzed and found not end-to-end encrypted. This means Google can see the secrets + the online services associated with those even while stored on their servers. No option to secure this at the moment.