An interesting revelation I had when talking to The Fishcake🐶🐾 about nostr.build's new OTP using NIP-17 Giftwrapped DMs:

The OTP code is sent to the user only. The sender/server doesn't store a copy of the code. That is impossible to do on NIP-04.

If you send OTP via NIP-04, whoever has access to the sender's key can decrypt and see all the codes. If you use NIP-17 DMs, the code is sent to the user and deleted from everything else.