Comment by agf

The reason this is an issue is that the sub value changes often enough that intergrations ignore it rather than bother users with having to re-OAuth.

As far as what Google is doing in the bug bounty, that's a good question -- we don't know. The author is proposing two new values, for the domain and user, that wouldn't change in the cases that sub changes now, but would change in this case.