If the phone has a PIN or similar (I realize not everyone has) and the 2FA app has a pin/password, then that does seem like a reasonable level of security.
No, because getting your phone and wallet stolen (they are likely to both be on your person so both would likely be stolen at the same time) means you couldn't then log on to online banking and deactivate your credit cards (which you would want to do as soon as possible)
Edit: Just to clarify a bit more, most cards here have a tap and go function requiring no PIN up to a certain amount. Although the amount is small I'd still rather have it that no one spends my money.
