Not really (I can login to some systems with just TOTP, but TOTP was registered as a supplemental to something else). I guess your point is that having the seeds exposed is as big a deal as having salted hashes exposed. Which is to say, not a big deal.

Fair enough.