Email os how all password recovery flows work. So your accounts are generally as secure as your Email.

Nor is SMS. Nor a phone call (even a presumed "landline" can be voip, and that can be hacked too).

Here's the truth ; nothing is "secure".

Now... is email more secure than SMS, or less? What about other 2-factor auth things? Is email secure with 2-factor auth?

And yet it's surprising how many sites allow you to reset a password using nothing but an email link (single factor authentication - and there are already known cases of emails being silently redirected).