There are a number of ways an account can be compromised or hacked, the most common of which is a cracked password.
2fa (Two-factor authentication) is a good countermeasure against nefarious actors. It acts as a secondary safety measure by asking for a temporary 6 digit code on a device that only you have access to, such as your phone. The code cycles typically every 30 seconds.
OpenNode takes a strong stance on protecting your bitcoin funds. This is why we require it's used for any and all procedures that move bitcoin or cash off of the OpenNode platform.