It's just a redirect, this isn't an issue. The browser will use the final URL to decide which passwords to look up.
The issue is for clients that don't follow URLs and also manage abuse reputation by domain name. For example, if your webmail client knows that "evilsite.com" is bad because it's frequently reported spam, then you just start using links to "google.com/amp/evilsite.com" and the webmail client's reputation score resets.
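A defensive counterpart to the reputation reset described in the comment above, as an added example that is not part of the original thread: a client that scores links by domain without following them can unwrap the embedded target and score both the wrapper and the target. The function names, the `BAD_DOMAINS` set, the `AMP_HOSTS` list and the handling of an `/amp/s/` prefix for https targets are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

BAD_DOMAINS = {"evilsite.com"}                 # constructed reputation data
AMP_HOSTS = {"google.com", "www.google.com"}   # assumed wrapper hosts
MAX_UNWRAP = 5                                 # bound on nested wrappers

def _norm(url):
    """Give scheme-less links a scheme so urlsplit can find the host."""
    return url if "://" in url else "http://" + url

def _host(url):
    h = urlsplit(_norm(url)).hostname
    return h.lower().rstrip(".") if h else ""

def unwrap_amp(url):
    """Return the innermost wrapped URL, or the normalized input if not wrapped.

    The wrapper's query string is dropped: only the host matters for scoring.
    """
    url = _norm(url)
    for _ in range(MAX_UNWRAP):
        parts = urlsplit(url)
        if _host(url) not in AMP_HOSTS or not parts.path.startswith("/amp/"):
            break
        rest = unquote(parts.path[len("/amp/"):])  # decode e.g. %2E in the host
        scheme = "http"
        if rest.startswith("s/"):                  # assumed marker for https
            scheme, rest = "https", rest[2:]
        if "." not in rest.split("/", 1)[0]:
            break                                  # no embedded hostname
        url = f"{scheme}://{rest}"
    return url

def reputation_domains(url):
    """Every domain the link should be scored against: wrapper and target."""
    return {d for d in (_host(url), _host(unwrap_amp(url))) if d}

def is_flagged(url):
    """True if any scored domain is a bad domain or a subdomain of one."""
    return any(d == b or d.endswith("." + b)
               for d in reputation_domains(url) for b in BAD_DOMAINS)
```

Scoring the wrapper host together with the target, rather than replacing one with the other, keeps any reputation the wrapper itself has earned.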