
Do those passwords have fewer rights? I figured that if any of those passwords got compromised, you were screwed (until you found out which one and revoked it).


A little less. They can't be combined with the 2-step verification to make changes to settings that require 2-step verification.

So instead of losing access to your account, you just lose all your email (yay!).


This has always been the part I don't like about Google's 2-factor auth. Right now, I have one strong password that would have to be compromised to access my email. If I enable 2-factor, suddenly I have (last time I tried it) about 20 new passwords, any one of which could yield access to my email. That does not really seem more secure.


I think the more important question is whether it is less secure. It does make it harder to seize control of the account (which might be a lame consolation, but backups are a good idea either way), and it is (potentially) more convenient in the event that one device is lost or misplaced.

Someone who previously always logged out might be exposing themselves to more risk by storing the app passwords, but I think that's about the only case where it is worse.


It decreases the severity of a breach but increases the likelihood. Per-app passwords can't be used to take over an account. But they can be used to read my email. I think just shifting the permissions a little so that I can "authenticate" without also giving out the creds to my email would be acceptable.
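The trade-off the thread is describing (one primary password plus a second factor for full control of the account, versus a set of per-application passwords that each open the mailbox on their own but cannot touch 2-step-verification settings) can be made concrete in code. The following is an added illustration written for this page, not Google's implementation: the scope names, the `Account` class and its methods are assumptions chosen to model the behaviour the comments describe, and the TOTP routine is the standard RFC 6238 construction used only as the "second step".

```python
import hashlib
import hmac
import secrets
import string
import struct
from dataclasses import dataclass
from typing import Optional

# Hypothetical scope names (assumption; Google's real permission model is not
# spelled out on the page). The one invariant the thread describes: an app
# password never carries the right to change 2-step-verification settings.
FULL_SCOPES = frozenset({"mail:read", "mail:send", "settings:write"})
APP_SCOPES = frozenset({"mail:read", "mail:send"})

PBKDF2_ROUNDS = 50_000


def _kdf(secret: str, salt: bytes) -> bytes:
    """Salted password hash so a stolen credential table is not directly usable."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


def totp(key: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the second step of the primary login."""
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


@dataclass(frozen=True)
class Session:
    scopes: frozenset
    via: str          # which credential produced this session, for audit


class Account:
    def __init__(self, password: str, totp_key: bytes) -> None:
        self._salt = secrets.token_bytes(16)
        self._pw_hash = _kdf(password, self._salt)
        self._totp_key = totp_key
        self._app_passwords: dict[str, tuple[bytes, bytes]] = {}  # label -> (salt, hash)

    def login(self, password: str, code: str, at: int) -> Optional[Session]:
        """Primary password plus a current TOTP code: the only path to FULL_SCOPES."""
        pw_ok = hmac.compare_digest(self._pw_hash, _kdf(password, self._salt))
        code_ok = hmac.compare_digest(totp(self._totp_key, at), code)
        if not (pw_ok and code_ok):
            return None
        return Session(FULL_SCOPES, "password+2sv")

    def issue_app_password(self, label: str) -> str:
        """Random 16-letter secret for one client; the server keeps only a salted hash."""
        pw = "".join(secrets.choice(string.ascii_lowercase) for _ in range(16))
        salt = secrets.token_bytes(16)
        self._app_passwords[label] = (salt, _kdf(pw, salt))
        return pw

    def app_login(self, candidate: str) -> Optional[Session]:
        """Any single app password opens the mailbox; no second factor is asked for."""
        for label, (salt, digest) in self._app_passwords.items():
            if hmac.compare_digest(digest, _kdf(candidate, salt)):
                return Session(APP_SCOPES, f"app:{label}")
        return None

    def revoke(self, label: str) -> None:
        """Revoking one app password leaves the others and the primary login intact."""
        self._app_passwords.pop(label, None)

    def standalone_mail_secrets(self) -> int:
        """How many secrets, each on its own, are enough to read mail.

        With 2-step verification on, the primary password alone is not one of
        them; every issued app password is. This is the 'likelihood' side of the
        trade-off in the thread.
        """
        return len(self._app_passwords)


def can(session: Optional[Session], scope: str) -> bool:
    return session is not None and scope in session.scopes
```

Running the model with two issued app passwords shows both halves of the argument: a stolen app password yields `mail:read` but not `settings:write`, cannot be used as the primary password even with a valid TOTP code, and can be revoked individually, while the count of standalone mail-reading secrets grows by one with every client that gets its own password.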

