[gcommer]

I think that depends on the adversary. Against the NSA there might not be a major difference (depending on your email provider), but SMS is probably more secure in the typical case, as it is much more common for your run of the mill script kiddie/phisher/etc to get access to someone's email than their phone.

[drdaeman]

At least some mobile operators have "SMS archive" option, that can be enabled and accessible from self-service site. It requires some time to set up, but attacker with sufficient time, knowledge and patience may pull the attack relatively easily. No need for NSA-grade adversary.

(Even worse, until relatively recently they had used numeric passwords (those had to be set from a phone, using DTMF tone dial). This had changed only 3 or maybe 4 years ago. Wonder whenever that change was 2FA-related. :) )

So I'm uncertain whenever SMS is more secure.