Except that SMS messages can be intercepted, e.g. by having a proper access to the SS7 backbone, by abusing services provided for other reasons, or by SIM swapping attacks. All of this has already been done, so it's not just theory.
Yes, of course, the Ask:HN is basically about that! The parent comment asserted that having an SMS in addition to a password is functionally no different from having a password only. Which is not the case.
