In addition to the downsides mentioned here about privacy regarding Google, there is a major upside to using this service: it offloads all of the authentication logic to google, so in theory it reduces your risk surface area, or it may be more accurate to say it concentrates your risk to your Google account.
You’d like to hope most websites use using common security best practices and keep on top of things but the amount of websites I had accounts on (on websites I had long forgotten) which have been pwned over the years tells me otherwise. Using google auth sets your account security to be exactly as secure as your Google account.
I disagree about rejecting funding from intelligence agencies. I hate the concept of their existence, as well as what orgs like the CIA have done (and proceed to do) but given the fact of their existence, they do have legitimate reasons (in this case I mean reasons that align with Signal’s current goals rather than in order to change them) to fund Signal, and if that results in funding secure software, all the better.