Would you buy an account where you don't change the email address and password, even when you know that the seller has those credentials? Who would be so stupid to then only enable or alter 2FA alone to hide and not trigger some markers?

Also, there are perfectly valid reasons to alter 2FA, e.g. when you didn't backup the 2FA secret and you change your mobile phone, assuming you have the authenticator only on your mobile phone.

I don't trust authenticators that are closed-source and sync via some cloud. You can't know where your 2FA secrets end up. A cloud is just another entity's computer(s) and storage.