I'd say it pretty much depends on your threat model.
2FA as currentlx implemented in XenForo can protect against
- Unauthorized use of an account via login with a valid password on an untrusted device
- Unauthorized use of an account via user remember key on an untrusted device
- Unauthorized use of a logged in account on a trusted device after 30 days
- Unauthorized use of tokens (user remember key and tfa trust key) after 30 days
IMHO scenario 1) is the most likely threat, for this case it doesn't matter how long a device is trusted so increasing the validity time doesn't weaken protection here.
Scensrio 2) would not be affected by a longer trust time as well.
With auto-extending TFA trust, scenarios 3) and 4) would allow an attacker to use the compromised device / stolen tokens "forever" if the account is used often enough and the victim doesn't change the password or revoke device trust.
For a normal user account a longer (or auto-extending or even infinite) device trust might well be sufficient enough when considering security vs. usability; accounts with higher risk (like Admins, Mods) might require more protection.