Interception of other people's messages in Telegram "without registration and 2FA"

At its core, 2FA should protect an account from unauthorized access during critical actions. But for some reason, it is not requested when the Telegram folder is copied from the user's device to a new device.

Most users are probably not aware that the Telegram folder can simply be copied from one computer and run on another. In this case, the 2FA password will not be requested, even if 2FA is enabled. Telegram will not ask for anything at all; it will simply start silently. Even worse, no new session will appear in the session list. Telegram will fully work on 2 devices under one session.

This is essentially the most elementary way to intercept other people's messages on Telegram. It is scary because an attacker does not even need to be a programmer to do it. It is enough to access the computer once and copy the folder. And if the owner of the computer is absent, it is enough to connect the user's hard drive to any unlocked computer and copy the folder from there.

To prevent this, Telegram would only need to ask for the 2FA password, at least when the device or user OS changes. Why hasn't it been implemented yet?
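A minimal model of the check proposed above, as an added example that is not Telegram's code: the stored session is tagged with a key that never leaves the device, so a copied folder fails verification and falls back to the 2FA password. The function names, the session fields and the `device_key` (assumed to come from a hardware-backed OS keystore) are hypothetical, and a real fix would also have to be enforced by the service, since a client-side check alone can be patched out.

```python
import hashlib
import hmac
import json
import os


def seal_session(session: dict, device_key: bytes) -> bytes:
    """Serialize the session and bind it to this device with an HMAC tag."""
    blob = json.dumps(session, sort_keys=True)
    tag = hmac.new(device_key, blob.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"blob": blob, "tag": tag}).encode()


def open_session(stored: bytes, device_key: bytes, verify_2fa=None):
    """Return (session, status).

    A store sealed on this device resumes silently. A store sealed elsewhere
    (a copied folder) is accepted only after verify_2fa() returns True;
    the caller should then re-seal it with the new device's key.
    """
    record = json.loads(stored)
    blob = record["blob"]
    expected = hmac.new(device_key, blob.encode(), hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, record["tag"]):
        return json.loads(blob), "resumed"
    if verify_2fa is not None and verify_2fa():
        return json.loads(blob), "rebound-after-2fa"
    return None, "2fa-required"


if __name__ == "__main__":
    # Constructed sample data: two devices, each with its own keystore secret.
    owner_key, other_key = os.urandom(32), os.urandom(32)
    session = {"user_id": 1001, "auth_token": "constructed-sample"}
    folder = seal_session(session, owner_key)

    print(open_session(folder, owner_key)[1])                  # same device
    print(open_session(folder, other_key)[1])                  # copied folder
    print(open_session(folder, other_key, lambda: True)[1])    # 2FA passed
```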



