Ideally no. You want a 2fa to be different from your email. But it comes down to the user if they want to enable it or not. If they don't have it enabled the services default to sending a code to the users primary email. My guess is to prevent people from being compromised from malicious sessions.
https://contect.io - An idea validation service using market research data, keywords, A/B landing pages with a fake checkout to help indie hackers validate their idea. Working on applying for Strip checkout.
I made a Google Search API (https://rapidapi.com/apigeek/api/google-search3) which I launched at the start of 2020 and made over $6k+ so far. It cost me less than $100/month to run. All I have to do is answer support questions here and there.
I am currently trying to build a standalone website (https://goog.io) and moving the service away from RapidAPI.