Over-generalizing can lead to all sorts of problems.
Using the same email address as you use for everything else as your login name is a huge NO NO. So, what did I do when we moved to Battle.Net? I created a brand-new email, one that didn't use an obvious name or words. In fact, I made it as complex as I ~should~ have originally made my Account names. No one is magically coming up with my email address used as a login.
My original account names were LESS secure. Why? One was the name of one of my NeoPets. The other was a common user name I had on sites such as Slashdot. I know computers and security, and yet those were my account names.
As I said above - the one proven fact is that Authenticator > No Authenticator. There's a very clear, impossible to argue difference in number of account compromises with accounts that have either the keyfob or mobile app authenticator. With or without an option, with or without the extra algorithms to decide we are using the same computer, that Authenticator does make us more secure.
Heck, I never even log into the e-mail addy I use for my wow accounts. So if someone's sending me phishing e-mails there, they are SoL.