The whole point of 2FA is that 2 devices need to be compromised - your phone AND your computer. With desktop Authy only one device - your computer - needs to be compromised.
This is correct but, in the vast majority of cases, attacks are carried out remotely. I would agree that where third parties have access to your machine, it would be not be a good solution.