I do not know why you are blabbering in the answer mate. PIN and password is not a security feature to avoid the scam and hacking mate. If you have the 2FA, private key and security phrase secured you will be able to keep your wallet safe mate.
In android wallet you can see blockchain wallet and mycellium seems much secured than other wallets mate.
In fact, wallets that contain 2FA are just the web wallets as blockchain info which helps to ensure more security but I would not trust my whole money in a web wallet, PIN and password are not a feature that helps protect you from hackers? so why do not you dare leave your wallet without a password? Obviously you would not do this, put a password easy to be broken as "123456" the programs that have brute fource break the encryption in a follow... that's what I'm saying about the need for a strong password to give your coins more protection.
As I see so far people directly lost their fund with the incorrect URL accessing to wallet mate. Apart from that no one lost the fund so far bro. So ignore hacking attack all the time. If you want to keep the fund on the wallet 2FA is one of the additional option to secure it.
So far people confirmed and said wallet has been hacked. They did not share the tx id which goes out. Hence you should understand those news are fake on the new site bro.