I don't see why SMS would need to write to a store, public or not. One can implement SMS-2FA using TOTP for example, it's just that the TOTP secret is not shared with the recipient.
Yes, it is not a technical necessity to store these messages. But there is the option to do it (and some people are evidently doing it). The point is that for one-time-passwords, it's not even an option, not matter how hard you try. You simply cannot make this class of mistake. Unless you try really really hard to fuck up and, say, for some very weird reason, exfiltrate the one-time passwords generated on the user's device every few seconds.
