Currently email password is stored in the backup. It would be more safe to have the user retype the password after importing backup, at least by default. This will also encourage using different app passwords with providers that allow it, e.g. on Fastmail or Yandex.
For burner accounts we still want to backup the password, because the user does not know it.
Authentication info should definitely be removed from backup in case of OAuth 2.0 authentication, as different apps are supposed to use different tokens. Does it even work currently when after multi-device setup, when one of the devices renews the token while the other one is not aware of that?