Be sure you do not confuse Java and JavaScript. Java is a standalone application and applet environment from Oracle. JavaScript is built into the browser engine and relatively unique to each browser which makes the browser an identifiable element of the digital signature. The only similarities between the two are the first four letters of the name (J A V A) and a passing resemblance in grammar and syntax.
Unfortunately JavaScript is essential to the operation of many web sites. Likely Google is using JavaScript to capture, verify, and format the phone number, a relatively common practice.
As for GMail, I send and receive GMail almost every day ands seldom, if ever, log onto Google. Apple Mail and several other MacOS and iOS clients handle GMail flawlessly.
As for two-step authentication many, including Apple, are offering it as a strong security measure. The
Electronic Frontiers Foundation (EFF) and TOR and most security experts strongly recommend it. It is a trade off between security and privacy. For me there is no single answer, rather a case by case choice.
