
I've never understood the security benefit to having separate username/password pages. How does this help?


It prevents someone from faking Google's login page (or any other service) to capture users' passwords. This is the same as showing a "trusted image" that you selected.


Does it? What stops them from MITM-ing your answer on the first screen to get the trust image for the second screen? (In a way that's meaningfully different than the single-screen version, I mean, so not HTTPS certs.)


As TFA mentions, it only shows the image if logging in from a known IP or device, so the MITM won't have access to it, unless of course they can hijack your device or connection, but that's orders of magnitude harder than setting up a fake login page.
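The known-device check discussed above, as an added example that is not from the article or from anyone in this thread: after a full login the server mints an HMAC-signed device cookie, and on the username screen it reveals the trust image only when that cookie verifies for that username. A phishing site that relays the username from its own server has no such cookie and receives the same generic response as an unknown device. The secret, the user record and the cookie format are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side secret and user record (assumptions for this example).
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"
USERS = {"alice": {"trust_image": "sailboat.png"}}


def issue_device_token(username: str) -> str:
    """Mint a device token after a successful full login; stored as an HttpOnly cookie."""
    device_id = secrets.token_hex(16)
    tag = hmac.new(SERVER_SECRET, f"{username}:{device_id}".encode(), hashlib.sha256).hexdigest()
    return f"{username}:{device_id}:{tag}"


def device_token_valid(username: str, token: Optional[str]) -> bool:
    """Check that the cookie binds this browser to this username and was not tampered with."""
    if not token:
        return False
    parts = token.split(":")
    if len(parts) != 3 or parts[0] != username:
        return False
    expected = hmac.new(SERVER_SECRET, f"{username}:{parts[1]}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, parts[2])


def username_step(username: str, device_cookie: Optional[str]) -> dict:
    """First screen: username submitted. Reveal the trust image only to a known device."""
    user = USERS.get(username)
    if user is None or not device_token_valid(username, device_cookie):
        # Unknown user or unknown device get the same generic response, so the image never
        # reaches a relay that only knows the username.
        return {"show_image": False, "next": "password_or_extra_verification"}
    return {"show_image": True, "image": user["trust_image"], "next": "password"}


def simulate() -> dict:
    """Real browser (has the cookie) versus a phishing relay (does not)."""
    cookie = issue_device_token("alice")
    return {
        "real_browser": username_step("alice", cookie),
        "phishing_relay": username_step("alice", None),
    }


if __name__ == "__main__":
    print(simulate())
```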



