
Yup, absolutely. I run FDE mostly just out of a personal policy that anything that someone can pick up and walk off with is encrypted, but this is a very good point.

The DB is a SQLite3 database containing plaintext tokens and the account names they are used with, so while the attacker would still need your password, they can generate new tokens with that data.

Good policy upon losing any device that contains 2FA information is to use one of your backup codes to log into your account, remove the 2FA, and re-add it, thereby invalidating the old token secret. Thus, even if someone has your unprotected DB, they can't generate tokens for your account.
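An added example, not from the comment above or any authenticator project, showing why the rotation step matters: a plaintext secret read out of a constructed stand-in for the app's SQLite token table yields valid RFC 6238 codes right up until the account is re-enrolled, after which only the fresh secret verifies (the `Server` class, table layout and account name are assumptions for illustration).

```python
import base64, hashlib, hmac, secrets, sqlite3, struct

STEP = 30  # TOTP time step in seconds

def totp(secret_b32: str, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for Unix time `at`."""
    key = base64.b32decode(secret_b32 + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", at // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def new_secret() -> str:
    # 20 random bytes, base32-encoded, as authenticator apps expect
    return base64.b32encode(secrets.token_bytes(20)).decode()

class Server:
    """Relying party (assumed model): keeps the secret currently on file."""
    def __init__(self):
        self.secrets = {}
    def enrol(self, account: str) -> str:
        self.secrets[account] = new_secret()   # re-adding 2FA replaces the old secret
        return self.secrets[account]
    def verify(self, account: str, code: str, at: int, skew: int = 1) -> bool:
        s = self.secrets.get(account)
        return s is not None and any(
            hmac.compare_digest(totp(s, at + i * STEP), code)
            for i in range(-skew, skew + 1))

def authenticator_db() -> sqlite3.Connection:
    """Constructed stand-in for the app's plaintext SQLite token store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (account TEXT PRIMARY KEY, secret TEXT)")
    return db

def rotation_demo(at: int = 1_700_000_000) -> dict:
    server, lost_phone = Server(), authenticator_db()
    s1 = server.enrol("alice")
    lost_phone.execute("INSERT INTO tokens VALUES (?, ?)", ("alice", s1))
    # The secret sits in the DB file in the clear, so codes derived from it verify...
    (leaked,) = lost_phone.execute(
        "SELECT secret FROM tokens WHERE account = 'alice'").fetchone()
    before = server.verify("alice", totp(leaked, at), at)
    # ...until the owner removes and re-adds 2FA, putting a fresh secret on file.
    s2 = server.enrol("alice")
    after_leaked = server.verify("alice", totp(leaked, at), at)
    after_new = server.verify("alice", totp(s2, at), at)
    return {"leaked_before": before, "leaked_after": after_leaked, "new_after": after_new}
```

`totp` is checked against the RFC 6238 Appendix B test vector (secret `12345678901234567890`, T=59), so the demo's codes are the same ones a real authenticator app would display.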
