You cannot have effective 2FA and still be the owner of your private keys. That is why they send you an email backup. There are some multi-sig schemes out there where true 2FA seems doable but they are not ready yet.
As for [1]: people taking GeoIP data seriously are dumb anyway, don't really see where blockchain.info claims that this is accurate
> There are some multi-sig schemes out there where true 2FA seems doable but they are not ready yet.
Really? GreenAddress and BitGo both implement 2FA where you hold one key on your computer, one key somewhere safe (like in a safe), and they hold one key on their servers. They'll only sign if you authenticate correctly.
As for [1]: people taking GeoIP data seriously are dumb anyway, don't really see where blockchain.info claims that this is accurate