
No sarcasm intended at all on my part -- I think this is a very good move.

SMS is very bad as a 2FA, in that someone can fairly easily social-engineer your phone company to send them a new SIM card for your account, and once it's in their phone, all your SMS messages go to them. They now have control of your "protected" account (and yeah, they have to get your password as well, but if you're a big enough target, it's worth it).

This is why getting rid of SMS entirely as a 2FA is seen as an improvement in security.




Removing 2FA from existing accounts is never an improvement in security. As other replies on this post have noted, having SMS as 2FA is always better than not having 2FA. Heroku is actively harming their users' security by removing 2FA from users' accounts. Some users will not set up a new 2FA method on their account, leaving their account vulnerable to password attacks.



