Security risks of using Bitwarden as authenticator and password manager

The reason OTP (one-time passwords), including TOTP, were developed in the first place is to prevent replay attacks. The basic idea is that since they can only be used once, somebody watching over your shoulder (physically or electronically) is not able to later type the same thing on their computer.

The idea of bifurcating one’s credential came much later, and using a separate vault for the TOTP code is but one way to do it. A pepper for your password is another approach, which has the advantage of not doubling the administrative overhead (installing, managing, backing up two vaults) and of causing a smaller increase in login friction for users.

There is a careful line we all need to walk here. Even if one uses the absolute worst MFA mechanism (looking at you, SMS) and stores it in the worst possible way, their security posture is substantially better than not using MFA in the first place. “Very Very Very bad” implies that MFA done poorly is worse than no MFA, which is not true.