Of course it matters. Even if we assume someone figured out how to own the 2FA system, that knowledge doesn't magically make its way into the brain of every script kiddy capable of credential stuffing a login form. They're two totally different vectors with different surface area.
My thought is that it’s not really 2FA, and 2FA means temporary tokens, and there’s a method to gain entry with just login+token, e.g. via password reset.
If you want to deliver security then MFA is an interesting strategy that needs careful consideration and planning, you might end up building things like Security Keys so as to solve real threats. You might fix real problems (Google eliminated phishing) at your organisation.
But if your goal is to bamboozle fools into giving you their real money in exchange for Itchy and Scratchy money that you may or may not then "lose" then you don't need all that hard work. Take whatever nonsense you cobbled together and say it's "Two factor" because that means "good" to people who don't know any better.
