There isn't anything we can do since all communication with Trustedcoin can be MITMed and more trivially malware can simply gank the seed.
Malware will be able to steal the 1/3 extended private key in the wallet upon a spend attempt and use the google authenticator code to sign a different transaction than the one the user entered - one that sweeps the wallet to the attacker's address. If the 2nd factor is able to display the transaction details AND the malware is unable to simultaneously corrupt this 2nd factor AND the user notices the discrepancy then the attack will be thwarted. Otherwise it will be fatal.