Yes, and?
If your email has been already compromised, you're pretty much screwed anyway. I just don't get why having an
alternative is better than no alternative. If people want to keep using their Gold Cards, that's fine! They're pretty damn hard to compromise, I recognize that. The cynical in me wants to believe they'd rather make people pay for the GC and deal with all the support cases from compromised accounts for those who don't have one, but even companies such as Square-Enix and Blizzard which eventually started out with dedicated devices for 2FA, much like our own GC+Reader, eventually also gave the choice of using an app. Why? Because it's a cheap way to increase account security and wash their hands whenever some idiot gets "hacked".
Right now my EU account's security is lower than I'd want it to be because I don't have any other means to have two-factor authentication and I'm unwilling to use a dedicated device that, mind you, can also break or fail at any time. I have enabled 2FA in pretty much every service that supports it (GMail, Dropbox, bank account, any cryptocurrency exchange worth their salt...) and I'm doing fine, this is an
industry standard by now. MindArk is no longer so special for having "bank account-like" security measures for their accounts.
If my phone breaks or gets lost/stolen, I still have the means to restore access because you can make paper backups of any secret tokens you push in Google Authenticator/Authy/Any similar proprietary app. If my hypothetical GC gets lost or stolen, I've got some grueling moments with support if I wanted to have access to my account once again.