A security researcher from Pure hacking (imagine that) has demonstrated a proof of concept program that can abuse Gmail in such a fashion that incoming email and contacts can be forwarded to others, assuming the user opens a bad URL:
According to Gatford, attackers could compromise a Gmail account--using a cross-site scripting vulnerability--if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account's messages to a POP account.
In my day to day work, I have encountered more and more people over time who have switched to Gmail for personal, school and even work use. The article brings that point up and makes it clear. People are very inclined to swap data between work and home, especially if it makes their daily work easier.