It wasn’t the first time I’ve logged in to Apple/iCloud on that iMac though, and I always use Safari too. Plus, why did it say device rather than browser, if that was the problem.
I’ve had the iMac for 8 years, longer than my current iPhone/iPad/AW, so its by far the ‘most’ trusted device I have...
It lost the cookie, the cookie expired, or the privacy website is a new “device” that’s stored on a completely separate domain and generates a new cookie. I get these 2FA pop ups when logging into different Apple sites that require my Apple ID (e.g. Maps Connect, iTunes Connect, etc).
The fact remains that it is completely safe since it’s the website you’re authorizing, not the iMac. So it doesn’t hurt to send the code to the iMac.
Sending the code to the iMac is still a good idea. What if you obtained some malware that was key logging or grabbing credentials from somewhere and decided to login itself to the Apple ID page to change your password? This would be a new “device” and you’d have to provide your 2FA, essentially stopping the malware in its tracks. Of course, that’s hypothetical, but it is a valid scenario that even sending the code to the device your on will solve.