I do not know why you are blabbering in the answer mate. PIN and password is not a security feature to avoid the scam and hacking mate. If you have the 2FA, private key and security phrase secured you will be able to keep your wallet safe mate.
In android wallet you can see blockchain wallet and mycellium seems much secured than other wallets mate.
In fact, wallets that contain 2FA are just the web wallets as blockchain info which helps to ensure more security but I would not trust my whole money in a web wallet, PIN and password are not a feature that helps protect you from hackers? so why do not you dare leave your wallet without a password? Obviously you would not do this, put a password easy to be broken as "123456" the programs that have brute fource break the encryption in a follow... that's what I'm saying about the need for a strong password to give your coins more protection.
Based on my experienced 2fa authenticator for mobile or on pc and password is enough to protect your coins to any hacking activity like brute force or phishing if you victim of phishing they don't know what is the 2fa code to login but expect to receive a email report that someone trying to login in your account so you must be online daily to keep aware of what happens to your wallet and don't forget to use anti-virus like Kaspersky (eset free as alternative) to keep your mobile clean.