For a long time (still?) Kraken also refused to add SMS 2FA as an option due to its weak security.
I still don't see how that's worse than no 2FA at all, which was an option, but I appreciated that they were banging the "SMS 2FA isn't very secure" drum.
It’s worse in a lot of implementations because SMS is often used as part of a recovery flow in cases where you lose the first factor.
I find it more secure in some contexts to never give a company my phone number at all if possible, so that it simply can’t be used as any kind of authentication no matter what.