Unless 2FA has been implemented poorly. There have been cases where yubikeys have been compromised on blockchain.info, allowing the attacker to get the seed (or reuse codes, can't remember); this is the first gox 2fa breach I have heard of though (unless of course he is lying about having the 2fa setup).