function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

Files Connect - Authentication Provider Refresh Token security

I am following the steps here, Create an Authentication Provider for Google Drive (" target="_blank) to configure Files Connect with Google Drive. 
I noticed that the access type for the Authorize Endpoint Url is
which means that Salesforce will get a session token and a refresh token after the Salesforce user authenticates with Google the first time. Salesforce will store the Refresh token and will use it later to automatically get new access tokens using the OAuth workflow.

The concern I have is that if Salesforce becomes compromised the Refresh Token will give access to the attackers to google drive as well. 
Can someone help me what is the mitigation to that risk? Is Salesforce encrypting the Refresh Tokens or how are the protecting them?
Separately can I change the access_type and always prompt the user to sign in with google which might be a little annoying but if my admin is obsessed about security it is a mitigation?