In the unlikely event that 2key servers are hacked, all that hackers could gain is your SHA256 ENCRYPTED private key, which can't be decrypted without your password or mnemonic. Decrypting SHA256 encrypted keys is currently deemed impossible.