Something worth noting is that the email it claims is yours, is never yours. I tried it on two different emails, and it failed both times. However both times it listed the address I get email from most as mine. Also in the image I’ve included, shows 23 contacts when it did indeed list all 200 or so.
This has been a problem before for GMail, and more details about the previous attacks can be found here. I guess this is why they keep the service in beta.
Credit for this exploit goes to Googlified
The code for the exploit can be found here. The original demonstration last night was in fact not malicious, so your contacts are safe.