What you can do with email is move the problem to your most secure account or to an account that you know how to recover under essentially all circumstances.
As I mentioned before that it's just convenience. SMS based authentication is flawed and is also prone to SS7 Attacks but people just do it because it's simple. Nothing in the world is hack proof