There isn't anything we can do, since all communication with TrustedCoin can be MITMed and, more trivially, malware can simply steal the seed.
Malware will be able to steal the 1/3 extended private key in the wallet upon a spend attempt and use the Google Authenticator code to sign a different transaction than the one the user entered - one that sweeps the wallet to the attacker's address. If the 2nd factor is able to display the transaction details AND the malware is unable to simultaneously corrupt this 2nd factor AND the user notices the discrepancy, then the attack will be thwarted. Otherwise it will be fatal.
Assuming the attacker does not also have access to a decrypted wallet / extended private key, there is little an attacker can do. TrustedCoin will only cosign transactions which are already partially signed by the appropriate user.
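The two preceding cases can be modelled as follows. This is an added example, not code from the original page or from TrustedCoin. The function names, the HMAC stand-in for the user's partial signature and all sample values are assumptions made for illustration.

```python
import hashlib, hmac, struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): depends only on the secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def partial_sign(user_key: bytes, tx: bytes) -> bytes:
    # Assumption: HMAC stands in for the user's ECDSA partial signature so the
    # example stays stdlib-only; only because of that does the cosigner model
    # below hold the same key instead of a public key.
    return hmac.new(user_key, tx, hashlib.sha256).digest()

def cosigner_accepts(tx, sig, code, user_key, otp_secret, now) -> bool:
    """Hypothetical cosigner policy: valid user signature AND a current code."""
    sig_ok = hmac.compare_digest(sig, partial_sign(user_key, tx))
    code_ok = hmac.compare_digest(code, totp(otp_secret, now))
    return sig_ok and code_ok

# Constructed sample values, not real keys, addresses or transactions.
USER_KEY = b"constructed-user-key"
OTP_SECRET = b"12345678901234567890"   # RFC 6238 test secret
NOW = 59
INTENDED = b"pay 0.1 BTC to merchant-address"
SWAPPED = b"sweep wallet to other-address"

def scenarios() -> dict:
    code = totp(OTP_SECRET, NOW)       # the code the user reads and types in
    def check(tx, key):
        return cosigner_accepts(tx, partial_sign(key, tx), code,
                                USER_KEY, OTP_SECRET, NOW)
    return {
        # The transaction the user entered, signed with the wallet key.
        "intended": check(INTENDED, USER_KEY),
        # Compromised host: wallet key and typed code applied to another
        # transaction. The code carries no transaction details, so it passes.
        "swapped_on_host": check(SWAPPED, USER_KEY),
        # Valid code but no wallet key: the partial signature does not verify.
        "code_without_key": check(SWAPPED, b"not-the-user-key"),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name:18} accepted={accepted}")
```

The `swapped_on_host` result is why the text requires a second factor that displays the transaction details: a time-based code is identical for every transaction in the same time window.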
In this scenario an attacker gains read access to a copy of the user's wallet file and is furthermore able to decrypt it, for example if an attacker gains access to a user's hard drive image or an online storage service where a backup is stored AND the wallet is unencrypted or encrypted with a weak password. Note that given most sites' "forgot password" policies, an attacker able to compromise a user's email can usually gain access to most of that user's other online services (including storage services where full disk and/or wallet file backups may reside).