Well, they could offer the option of letting the user set a backup password that is known only to the user (warning the user that if they lose the password, they lose their backups).
Most home users probably won't use it, but those that care about security (like every corporation that uses Android devices) probably will.
Yes, they could. This is what Chrome does for saved passwords, for example, so Google's servers only ever get an ecrypted blob.
However, the question is why on earth is your *WIFI* password that sensitive that it needs that level of user friction, hassle, and increased support costs? Corporations can easily use their own app or a 3rd party app that injects the wireless credentials through Android's public API for that - there's no reason for Google's backup to handle that. Those that care about security have probably already secured every device on their network instead of blindly trusting anything that can reach it. So what, exactly, is so damn sensitive about a wifi password that this needs to be an option that Google should support? Are you that worried that Google will leach off of your bandwidth or something?
And if the NSA is already tapped into the fiber backbones as people suspect, what would they want with this info anyway? Why wardrive and catch snippets when you can just record literally everything?