Yeah I actually wondered that too, why wasn't there an effort to implement RFC-4226 so that people could use Google Authenticator (or any RFC compliant HOTP client) rather than make them sign up for a commercial service? Especially when there's libraries like PHPGangsta (
https://github.com/PHPGangsta/GoogleAuthenticator) are available.