Please don't worry, we will never make 2FA mandatory, and there are ways you can implement it without requiring a phone number. (The sites asking you for a phone number are generally doing it for password recovery if you get locked out of your account and can't receive the password reset email; 2FA-via-text-message is only slightly more secure than no 2FA at all, since texts aren't very secure, so most places have moved away to using a phone number for 2FA.) 2FA is, however, a very good option to have for people who are really concerned about the security of their account, people who are "high value" targets like activists and journalists whose accounts may contain information that would be either profitable or compromising, and people who have to use untrusted networks or computers to connect to their accounts. For those people, having the option to enable 2FA can really improve their security. (For instance, even if somebody manages to intercept my password for our payment processo r, they won't be able to steal all our moneyz because I have 2FA turned on.)