Because SMS is not even remotely a secure communication channel, and the point of two factors is proof of possession of two different classes of things (that you have some device and that you know some secret), and using an insecure channel to send a message weakens the proof of the have half of that, in much the same way as using a weak or published password weakens the know half.
Ideally, you want as strong as practical proofs of each half within the constraints set by UX considerations.
That's not particularly weak as proof to the person who controls the DB that you have access to the phone, which is what the device factor of a 2FA scheme is intended to prove, since you have to have access to either the DB or the phone to get the key.
Conversely, SMS's weakness is in the communication channel, which can be compromised without compromising the things for which the factor is intended as proof.
Phones get hacked too. If you ever access a site with your phone, it's not two factor auth. Malware can read your 2FA key and read your password as you type it in.
Why not both? Google's pioneering approach (TOTP, SMS, automated phonecalls, and offline backup codes) is so thorough that I've been disappointed by almost every other implementation.
That's outside the scope of the tool. You're supposed to prevent malware from compromising your phone. At the very least this scheme requires an attacker to implant malware on your phone as opposed to just monitoring/intercepting communications to and from it.
You can write your own TOTP application - its open source and works offline, you don't need Google Authenticator, there are dozens of applications available.
EDIT: Slack responded that they do not support SMS yet.