The old version of the toolbar is stored as C:\Program Files\Google\GoogleToolbar1.dll. What appears to happen is the updater creates GoogleToolbar2.dll, and registers that in COM. No idea if the old file is deregistered.
Plan A of reregister the old version and hope it didn't notice was doomed from the beginning. The updater saw through that attempt and behaved as normal
Plan B of the same, but then copy the old to where it expects the new and deny writes using NTFS permissions also failed. Instead of creating GoogleToolbar2.dll, GoogleToolbar3.dll was created.
Plan C, however, involves following Plan A and then using NTFS permissions to deny all modifications to the entirety of C:\Program Files\Google.
This appears to be quite successful. The updater can't really do anything if it can't create the new file, or modify or delete the old one. Worst it can do is clobber the registery settings for the toolbar. And that can probably be fixed by applying a similar ACL to HKEY_CURRENT_USER\Software\Google.
Autoupdate that, Google!