if your computer is infected and you leak anything from your desktop wallet then you will similarly lead your other sensitive data such as your login information and a lot more which could still be used to hack your account even with 2FA because you can not trust any third party.
This. If your computer is infected with a keylogger, screen capturer, or other malware which is accessing your data, then it can access your exchange account and email account username and password just as easily, if not more so, than your wallet, given that you probably access the former much more frequently and your wallet file is (hopefully) encrypted when you aren't using it. Many people also log in to their email accounts and exchange/web wallet accounts via public WiFi or even on a public computer, but far less are opening their wallet on a public computer.
Using a web wallet exposes you to all the risks of using a desktop wallet, whilst also adding in a ton of other risks, placing complete trust in a third party, and sacrificing your privacy.