While Red Herring reports that Gmail was vulnerable to hacking, Google says Gmail was never hacked and that Gmail users were never at any serious threat.
According to Google, the vulnerability would only work if someone knowingly provided the authentication token that appears in the browser address field after someone logs in. The token is that big stream of numbers and letters, such as:
I've bolded it (and the characters are just something I made up, but they illustrate what you might see when logging in).
If you were to give that URL to someone else, then with further work, they might be able to log-in to your account.
Of course, if you were to give someone your Gmail account name and password, they might be able to log-in your account as well. Neither situation is likely, but the latter is much more in the realm of possibility.
Regardless, Google says it's since fixed the vulnerability, just to be absolutely safe. As for solving the problem of people sending their much more easily accessible log-in information, that remains up to the user, of course.
FYI, the 5 million Gmail user number in the story didn't come from Google, the company says. It says it still has never disclosed the total number of Gmail users out there.