In addition to other reasons already given, I'm not sure if this is still the case because I haven't used Facebook in a while, but back in the day, the only options for 2FA were code generator in the Facebook app itself or SMS. So if you didn't want to have the Facebook app on your phone, giving them a phone number was the only way to enable 2FA.