They recommend that users with higher-than-average security requirements set a PIN, which removes phone number attacks from the threat model, but you're still dependent on the security of SGX.
Users with extreme security requirements can set a 42-character alphanumeric PIN, thus also excluding SGX from the picture, but at that point you're getting owned no matter what you do.