I would advise using a close friend or relative's account as the recovery account, rather than creating another Gmail address specifically for this.

Additionally, I presume your mobile is password protected?

That combination is pretty secure. Someone trying to access your account would have to:

1. Know your password
2. Have physical access to your mobile when the authentication code was sent, or have access to the recovery email account (which is masked when you try to use it, I believe?)