Doesn't message forwarding negate two-factor authorization?

[Gjwilly]

Ever since iOS added message forwarding, whenever I've had to perform a two-factor authorization, the code has been sent to all of my devices simultaneously -- including the one I'm trying to authorize.
Seems like the whole security aspect of having two-factor authorization has been side-stepped.

 

[cynics]

Forwarding can only be setup from the device to begin with. So someone trying to get that code would need to have your phone anyway to set up forwarding.