After all, the main beneficiary of 2FA is the person using it with their account. So there's no real need to make it compulsory at all. Loudly warn people they're not using it, and make it as easy as possible to do so, fine.
But I could grudgingly accept compulsory 2FA if a range of options were available, none of which required us to give BorgSoft personal information. Eg a code or login token sent by email, as used by Medium and Substack. Or sent by XMPP, Matrix, etc.
(3/3)