Worst thing? Someone with access to your password can now break into the associated account, and use that access to snoop or potentially permanently lock you out. E2EE data could be lost forever if they change the password and 2FA.
More likely? Unless you reuse passwords, or the associated site has been recently compromised, pretty low odds of compromise. If you suspect your 2FA has leaked, just get a new secret, easy peasy. Most reputable sites should alert you to a login on a new device, potentially giving you time to react or alerting you of snooping.
If your secret leaks without context on what site it's associated with, then unless your name is Taylor Swift, odds of someone associating it to a site, let alone the matching password, are astronomical.
Then your password (your other, "first" factor) is the only thing preventing an intruder impersonates you.
You'll still have to go through the hassle the now useless second factor puts you through, so you might as well update your second factor even if you trust your first to be very secure.