Smaller companies though may not want or be bothered about protecting their name that way so they pick one or the other. Also international companies like Amazon and Google often use the country specific domains to provide a localised service.
Right now, before I've had my coffee, I can't think of any reason I'd want to log in to the web browser, either, though I'm sure there are cases. It's probably something to worry about on a case-by-case basis.
I use my Google credentials to access openid enabled sites such as StackOverflow. I think that's the main reason I need to be logged in to Google from my phone's web browser.
For linking your Google account to your phone, turn on two-factor authentication. You can't actually use two-factor authentication to add your Google account to the phone, so you get the option to set up an application-specific password. Though nothing stops someone from reusing this password to access your mail, you can revoke this password at any time without affecting the rest of your application-specific passwords or your main Google account password. If your phone is lost, get to the nearest computer and revoke the phone password. Then if the thief does manage to extract your password, it's useless.
The catch with this is that for two-factor authentication you need the Google Authenticator app installed on some device which is probably your phone. So if someone does manage to break into your phone and extract the main password they've got all they need to get into your account. If you are very careful to use only application passwords on the phone and then you can revoke them all but if you use the main password to login to Google on the web browser then the two-factor stuff has added complexity but not a whole lot of security.