That cell phone you use for receiving the verification codes? It better not be a smartphone you also use to access GMail, or your 2-factor just became 1-factor, at least to any malware on that phone...
Your phone should never know your password; you log into Gmail from your phone using an application-specific password. If your phone is infected with malware and you don't trust it anymore, you deauthorize it and your account is safe.
2 factor authentication is an amazingly simple solution to a large number of complex problems.
