There is no difference of having a seperate device or a generator on a phone. FIrst off, your Account is not linked in anyway to the authenticator on the phone. It simply generates the next code, the same as a seperate device.

If a person had your device ID and last code, they could guess it as easy as on a phone if they had the code. However cell phoen app versions are actually more secure. THey can be updated, use encryption, and reassigned. Rift uses 128bit ssl encryption and re randomizes your code generation algorythem every 7 days. An authenticator device cna not be updated in that way.