Google should consider adding an option to lock your account access based on IP range or even a geo-located area based on IP address. There are some challenges to geo-locating IPs, and this wouldn't stop a determined hacker, but it could foil a significant number of attacks.

They also might want to provide some reporting for users to know when their account was accessed or attempted to be accessed and from where.