Regarding (2), I suspect you could do a lot of damage by posting a link to something malicious as a trusted user, but I don’t think 2FA really helps for the reasons you say. 2FA is relevant to phishing and the Mythos risk would be hacking LessWrong.
Regarding (2), I suspect you could do a lot of damage by posting a link to something malicious as a trusted user, but I don’t think 2FA really helps for the reasons you say. 2FA is relevant to phishing and the Mythos risk would be hacking LessWrong.