You are using Blockchain.info's My Wallet then?  If so, know that the wallet isn't encrypted with two factor, and instead that 2FA is only used to restrict access to your account from the website.   So if you had any wallet backups (wallet.aes.json file) anywhere (e.g., in an e-mail inbox) they could be decrypted simply with the password by anyone with access to that backup.

Online wallets, such as Blockchain.info (a hybrid online E-Wallet), Inputs.io (a hosted / shared E-Wallet), and exchange accounts (e.g., the E-Wallet at BITSTAMP) are great for their convenience but that convenience comes with a trade-off for security.  As such, the amount of funds stored with them should be limited to whatever amount is needed for spending, trading, etc., and the funds held for longer term investment / storage should be stored locally on a secure system or in cold storage / offline preferably.