Hacker News

The main issue with this is the automatic login functionality. If a person has 2-factor enabled on their account, and any of their devices (phones, tablets, etc.) are stolen, it becomes trivial to act without a password and steal the entire account. If they have a lock screen password, it becomes harder to attack, but any compromised device would likely give an attacker a few hours before the user notices and kills its tokens.


The loophole seems to require the plain text ASP, though.
