The whole OpenSSL fiasco was well, a fiasco. SSL with all it's pretty colored padlocks proved to be well, "open" after all. You know it doesn't have to be this way right? Google has done great things to promote, adopt, enforce and improve the standards used on the Internet. From removing support for decrepit Microsoft browsers, to releasing a standards compliant reference browser that has quietly conquered the browsing world, to enhancing the HTTP protocol with SPDY. All good.
So how about you take on security next?
Lets start with OpenSSL - please apply your enormous resources extracted from web users mouse click and help turn it into a rock solid, massively tested and audited security project. Extend your security prizes to OpenSSL bugs. Have some of your finest and brightest work on it for a while. And if it doesn't work start from scratch with your own implementation or a better protocol.
In the mean time can you please remove that pesky little padlock whenever I access a site with a broken SSL implementation. In fact better still put up one of those giant "I do not think you want to go here" warnings and make it really hard to go there.
Another thing you can, and should do is deal with this whole password mess. I know you created Google ID and many are adopting it, but boy, it's taking a long time and you know it'll never get to 100% usage, probably not even 50% or 20% of sites. Even those that do accept it still demand another login just in case we disconnect them from Google.
What I'd like to see you do is for all those sites that demand a username and password, just take control of issuing, storing and changing them. Yes I know Chrome can do this for me but you know what, that is a shamefully weak system. I've been using LastPass for a few weeks now because I just finally gave up wanting to trust Chrome - and Chrome wont even auto-generate password for me.
I want you to do everything the LastPass does - maybe just buy them and make them good. Build it into Chrome, Android etc. Keep all my credential in an encrypted blob that never leaves my devices in un-encrypted form. Support two-factor authentication to de-crypypt credentials just like LastPass does. Fill out forms, generate secure passwords, and do it on Android too as part of the standard Android keyboard. LastPass is being sneaky to do this right now using the accessibility interface to auto-fill on Android but my guess is it is not necessary any more secure than copy and paste...
One more thing while I'm at it. You know what the big deal is with passwords? It's not setting them, it's changing them. If I could auto-magically change my passwords on every system I would feel a lot safer. In some ways I was already doing that on a case by case basis since I often forget them (or my user name) and have to do a via a reset email which basically ensures I have my GMail access which requires my 2FA key if I'm not on a friendly device. You know what would be even nicer, if there was a standard for authentication - a REL link metadata to browsers where to go to sign in and where to go to modify the password once signed in or where to go to trigger a password/username reset email. Maybe that already exists, I didn't check, but you are the people who could make a big push to have everyone use them. It would be browser independent anyway so no one should worry about Google championing it.
Once you have that you can then have your password/credentials vault support auto changing of passwords across the board. Next time there is some crazy security fiasco, or someone thinks a keystroke logger snatched some passwords then you can go out and re-randomize passwords. Heck you could even do it automatically on time basis. No one would be even thinking about "what's my password" except for the one very important one they have to remember, and protecting their two or multi-factor authentication devices. You could do things for that too with escrow protocols like you have hidden away in Google accounts for when people die. I'm not saying that the security problem will be solved, but at least it will be heavily mitigated and you know what, this would give people a great reason to sign up for a G+ id and use Chrome (and hopefully Android). Those other guys just wouldn't come even close to that kind of convenience!
Anyway, sorry to be so demanding and sound so entitled to all of these things but it's just what we expect from the world leading Internet and technology company. After all, as I pointed out earlier, all that money you made came because we keep clicking on your ads. No, we don't cut you the checks for the most part, but you get the checks because we keep clicking. The Internet does not surf itself so please help make it an inviting, calm and safe place for us to surf.