I've never experienced this with any service that supports 2FA. All other 2FA services that I've ever used will not allow users to disable 2FA without first proving identity via 2FA.
(I recognize that 2FA is fallible. I am not arguing that it is perfect. But, if you're going enable 2FA auth, you should try to do it correctly.)
