Are you the posting police ?

You half answered my question. Nobody has answered the question fully IMO and it looks to me like a serious security hole.

You said IF I setup my watch correctly with 2 xpubs THEN it will work correctly. Granted, that's correct and I did make a mistake there. But an attacker does not have to do that. They setup watch with 1 xpub , as I did, and then only required 1 sig to drain from both offline 2of2 multisig wallets ! What's the answer to that ? That's quite serious IMO

I set up the offline multisigs correctly, because it says 2of2 in each header and 2of2 of the default multisig in electrum. I apologise in advance if I have made a setup or assumption error, but I don't think so.