Because Android automatically uploads wifi passwords to Google’s servers. Where they’re stored in an easily retrievable format.
The bad news is that, like any American company, Google can be compelled by agencies of the U.S. government to silently spill the beans.
When it comes to Wi-Fi, the NSA, CIA and FBI may not need hackers and cryptographers. They may not need to exploit WPS or UPnP. If Android devices are offering up your secrets, WPA2 encryption and a long random password offer no protection.
I doubt that Google wants to rat out their own customers. They may simply have no choice. What large public American company would? Just yesterday, Marissa Mayer, the CEO of Yahoo, said executives faced jail if they revealed government secrets. Lavabit felt there was a choice, but it was a single person operation.
Translation? Since Google knows your wifi password, so does Barack Obama and the NSA.