"Unusable while you travel" or in other countries is simply false: one of the two-factor authentication options is the google authenticator app on your smartphone, which requires no internet/phone connectivity at all. It's time-based.

The imap/pop thing is still a legitimate concern. App-specific passwords let those continue working, but they have security issues of their own.