I think what he meant is you're the one who know your private key, but the Atomic wallet developer also know your private key and it's stored in their server. So if the hacker can find a loophole of the server, the hacker know the private key of Atomic wallet users.
The same for Ledger Recovery Service which splits seed words to three shards. Ledger claims that it is safe but who knows. As a Bitcoin users, you put your keys, seed words into hands of Ledger and two more entities. I am sorry but I can not trust anyone to hold my seed, private key. With Ledger Recovery Service, risk will be trippled.
Password authentication doesn't protect from hack, it just add an extra security to prevent someone can access your wallet if they control your device.
People just get it wrong. Password of a wallet only protect your wallet file, encrypt that file and prevent hackers to access the file too easily. However, if hackers know your wallet seeds, the wallet password is non sense.
Same with 2-factor authentication, if hacks happen at serious scale, it can not save you.