You must guard your Google account login especially if you are using AdWords as if it is your bank login ID. It is a good idea to even change your password every month in Google to protect yourself.
Personally I feel that after having a previous client have their AdWords account hijacked several weeks ago that Google is wrong to force users to have one master Google login. If someone gets a hold of your Google master account, they can wreak havoc in so many areas now that Google has required it’s use across it applications.
If there was one thing that I could tell Google, I would say let AdWords have it’s own login and even if the user email is the same allow for AdWords to have its own password different from the Google account login.
The client who we know who had been hijacked had been fooled into revealing their login and password from a phishing email sent as a Google AdWords correspondence. It is so very important to know that for PayPal and now Google AdWords that you must never login by clicking a link in an email or send your password plus login together in an email. I say PayPal as well as it has long been known that PayPal has been a target for phishing campaigns. As for AdWords, phishing is new for them, just this last week I have received over 15 emails supposedly from Google to login from a link in an email. So my suggestion is to very carefully guard your login and change your password for Google with a degree of regularity. You must actively work to keep yourself safe from AdWords bandits.