Security threat?

Today, being Friday, was shirk from home day.

While working I was logged in to a remote session to get business emails etc. and someone sent me a link to a google-doc relating to a business matter.

Google detected that I had logged in from a machine based in Sweden (where the remote session was being hosted) and rejected my password (it was correct, copy and paste gets it right, no typos), then asked me some questions (which google shouldn't know the answers to as I haven't told them). I didn't answer them as that would have given them the information.

So Google decided to send me this email saying that someone had tried to log in (I had - it was me!) and forced me to change my password.

Which is the greater security risk - someone logging in to my account with my credentials or giving yet more information to google, that they can't verify before they allow me access? Maybe that's one reason I only use that email address for people who are likely to send me junk!