Better permission control
I'd like to give a service account access to write (upload) to a bucket, but not to delete files. This allows backups to run from the server being backed up to Google Cloud Storage, without concern that an attacker could log in and then also destroy all backups from the compromised server itself. This particular example would also be resolved by allowing bucket data to be archived to a different bucket at certain intervals.
On the same theme, in order to allow a service account to write ACL, you need to give Full Control. Cloud Storage needs more fine-grained permission settings.