When I was on my Google Account -> Security -> Apps with access to your account, I can see under “Third-party apps with account access”, rclone is listed there with access to Google Drive.
If I click on it, it’d expand and says rclone has access to: “See, edit, create, and delete all of your Google Drive files”, with Homepage: “http://rclone.org”, and Access given to: “rclone.org”.
I removed this access, and tested adding a remote using rclone config again and it’d reappear.
It seems that going through the configure steps grant access blanket access to everything in the Google Drive. The question is how can we know whether this is for the rclone executable running on my local machine that I just configured, or this is for the rclone organization?