I agree. I think it is acceptable to trade some security for convenience and in this case the convenient solution is still more secure than not having 2FA at all. However, the fact that some security is being traded for convenience should be documented in the README, otherwise one can criticize that the README is promoting a less secure usage of TOTP.
