the main problem here is that users don't take 2FA seriously. they quickly put the token on their main phone without backing it up anywhere, then they cry when they lose their phone. one should always have tokens backed up on multiple devices, and written down on a piece of paper as well.
There are lots more problems than that. What if someone gets access to your smartphone and the 2FA app? There is more smartphone malware and hacks coming out each day than desktop malware nowadays. Add to that exposed NSA and other government back doors. Smartphones would be the last place I would consider secure.
But on the topic of WEX, obviously the old BTC-e tokens don't work and they have had to setup 2FA again.