There seem to be multiple issues, for example:
1. The full sync doesn't seem to take into account privileges as far as setting managers in the google group.
2. The code (when run via the change log) assumes that if you have a privilege or membership on a group, then it will always set you up as a manager or member in google. So if you just get read on a group, you'll end up becoming a member in the google group.
3. Privilege deletions don't work properly. Say you're a manager (via admin priv) and you also have read and the read priv is removed, then you'll lose your manager priv in google.