Meh. SMS basically has the same problems as capability URLs for password resets. Sure, Mail is usually TLS encrypted these days, but they are still not regarded as secret.

That said, I still would prefer both over another shitty authenticator app that really gets on my nerves.

Additionally, I would like an option toggle with "Yes, I do have a safe and uncompromised password", where I can get rid of this crap.

Some 2FA systems do work if they don't ask more than once a month, but they are the exception.