It looks like Davenum has found the first security hole in Android, a quote from the comments:

I’ve tested your code and it seems that content://googleaccounts/accounts/ returns login and hashed password, however content://settings/googlelogin returns login and password in plain text, so basically any application can read your account settings.