This is absolutely inexcusable- requiring customers to disable two-factor auth and storing passwords in plaintext? Seriously, there should be a minimum level of competence required to run a business...
It looks like TeenSafe kept Apple IDs and their corresponding passwords stored in plaintext. The service required parents disable two-factor authentication on those Apple IDs for the service to work.