In theory, the phone stores the TOTP secret on a TPM that can't be backed up. So the TOTP secret is fundamentally tied to that specific phone. You can't back up the secret, and somebody with brief access to your phone cannot copy it. Even with unlimited access to your phone, it's unlikely anyone can copy the secret.
This solution stores the secret in your home directory, which is easily readable by any process that has access to your hard drive. Anyone with brief access to your laptop/workstation can easily copy the secret. If you back up your home directory, anybody with access to your backups has access to the secret.
Yes, a "Trusted Platform Module." Now that I'm looking around it doesn't look like Google Authenticator actually does this, but it does make it more difficult to copy the TOTP secrets than this 2FA on the command line thing.
Though it could and probably should. (Really, this 2FA CLI app could probably do so as well, most modern laptops probably have a TPM.)
This solution stores the secret in your home directory, which is easily readable by any process that has access to your hard drive. Anyone with brief access to your laptop/workstation can easily copy the secret. If you back up your home directory, anybody with access to your backups has access to the secret.