
SWN #293 - Github, FIN7, Banks, Minecraft, Qualcomm, TenCent, BlueSky, Derek Johnson, and More
Security Weekly News (Audio)
Google Authenticator Sync to Cloud: Unencrypted Network Traffic
A new Google Authenticator Sync to Cloud feature in the two-step verification app for Google has privacy advocates saying that the communications between the endpoint and the cloud are unencrypted. The lack of encryption means that the secrets in the 2FA QR codes when they're generated (so these are one-time secrets) can actually be compromised and intercepted. It also apparently means that a search warrant for your Google data can then access the authenticator sensitive data. So I get that syncing your multi-factor secrets across devices is convenient. It does come at the expense of your privacy.