yes, you should definitely use Google two-step verification.
Everyone and their brother should read this:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
Good to hear, have that enabled already. It is a pain when signing onto unfamiliar computers (and it is impossible without my cell) but it is secure.
And I never have put my credit card on my google account.