Is it safe to use a weak password as long as I have two-factor authentication?

Specifically for Google: if you use two-factor authentication, is it safe to "weaken" your password "from a 16-character password with a search space on the order of 10^30 to an 8-character password with a search space on the order of 10^14", as long as you use a good 8-character password (i.e. completely random and not re-used across sites)?

The strength of two-factor authentication lies in the assumption that the two factors require different kinds of attack and it is unlikely that a single attacker would perform both kinds of attacks on a single target. To answer your question we need to analyze what attacks are possible on weaker passwords compared to stronger passwords and how likely it is that someone who is able to attack weaker passwords but not longer passwords will attack the second authentication factor.

Now the security delta between "a 16-character password with a search space on the order of 10^30" and "an 8-character password with a search space on the order of 10^14" isn't as large as you may think - there aren't that many attacks that the weaker password is susceptible to but the stronger one isn't. Re-using passwords is dangerous regardless of the password length. The same is true for MITM, key loggers and most other common attacks on passwords.

The kinds of attacks in which the password length is meaningful are dictionary attacks - i.e. attacks in which the attacker does an exhaustive search for your password in a dictionary. Trying all possible passwords in the login screen is obviously not feasible for a search space of 10^14, but if an attacker obtains a hash of your password then it may be feasible to check this hash for a search space of 10^14 but not for a search space of 10^30.

Here is where the fact that you've specified Google in your question is important. Google are serious about password security and do what it takes to keep your hashed passwords secure. This includes protecting the servers on which the hashed passwords reside and using salt, pepper and key stretching to thwart a hacker who has somehow managed to get the hashed passwords.

If an attacker has succeeded in circumventing all the above, i.e. is able to obtain Google's database of salts and hashed passwords, is able to obtain the secret pepper, and is able to do an exhaustive search with key stretching on a search space of 10^14, then unless you're the director of the CIA that attacker won't be wasting any time on hacking your phone to bypass the second authentication factor - they will be too busy hacking the hundreds of millions of Gmail accounts that don't use two-factor authentication. Such a hacker isn't someone targeting you specifically - it's someone targeting the whole world.

If your data is so valuable that such a powerful hacker would target you specifically then you really shouldn't be putting your data in Gmail in the first place. For that matter you shouldn't be putting it on any computer that is connected to the Internet.
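The arithmetic behind the answer above, as an added example that is not part of the original answer: it computes the search spaces for random 8- and 16-character passwords, estimates how long an exhaustive search takes at an assumed online rate and an assumed offline hash rate with and without key stretching, and runs a toy offline attack against a salted, peppered, stretched hash to show that a stolen table without the pepper cannot even be checked. The hash rates, the 100,000-iteration stretching count and the PBKDF2/HMAC construction are assumptions for illustration, not a description of what Google does.

```python
import hashlib
import hmac
import itertools
import math
import os
import string

SECONDS_PER_YEAR = 365 * 24 * 3600

# Illustrative rates (assumptions, not measurements): a fast offline rig
# against an unstretched hash, and a rate-limited online login form.
OFFLINE_RAW_HASHES_PER_SEC = 1e10
ONLINE_GUESSES_PER_SEC = 10.0


def search_space(alphabet_size: int, length: int) -> int:
    """Candidates for a uniformly random password of this length."""
    return alphabet_size ** length


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Time to try every candidate at the given rate, in years."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def stretched_rate(raw_hashes_per_second: float, iterations: int) -> float:
    """Key stretching costs the attacker `iterations` raw hashes per guess."""
    return raw_hashes_per_second / iterations


def hash_password(password: str, salt: bytes, pepper: bytes, iterations: int) -> bytes:
    """Salted, peppered, stretched hash (assumed construction).
    Salt is stored beside the hash and defeats precomputed tables;
    pepper is a server-side secret kept out of the database, so a stolen
    table alone cannot be checked; PBKDF2 iterations make every guess
    cost `iterations` HMAC-SHA256 evaluations."""
    keyed = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", keyed, salt, iterations)


def offline_crack(target: bytes, salt: bytes, pepper: bytes, iterations: int,
                  alphabet: str, length: int):
    """Exhaustive offline search against one stolen (salt, hash) pair.
    Returns (recovered password or None, number of guesses made)."""
    guesses = 0
    for candidate in itertools.product(alphabet, repeat=length):
        guesses += 1
        pw = "".join(candidate)
        if hmac.compare_digest(hash_password(pw, salt, pepper, iterations), target):
            return pw, guesses
    return None, guesses


def cracking_estimates(stretch_iterations: int = 100_000) -> dict:
    """Years to exhaust the two search spaces from the question under the
    assumed rates. The stretching iteration count is an assumption."""
    return {
        "1e14 online": years_to_exhaust(10**14, ONLINE_GUESSES_PER_SEC),
        "1e14 offline, no stretch": years_to_exhaust(10**14, OFFLINE_RAW_HASHES_PER_SEC),
        "1e14 offline, stretched": years_to_exhaust(
            10**14, stretched_rate(OFFLINE_RAW_HASHES_PER_SEC, stretch_iterations)),
        "1e30 offline, no stretch": years_to_exhaust(10**30, OFFLINE_RAW_HASHES_PER_SEC),
    }


if __name__ == "__main__":
    printable = len(string.ascii_letters + string.digits + string.punctuation)  # 94
    print("8 random printable chars:  10^%.1f" % math.log10(search_space(printable, 8)))
    print("16 random printable chars: 10^%.1f" % math.log10(search_space(printable, 16)))
    for label, years in cracking_estimates().items():
        print(f"{label:26s} {years:12.3g} years")
    # Toy offline attack on a 2-digit "password" so the search finishes instantly.
    salt, pepper = os.urandom(16), os.urandom(32)
    stored = hash_password("42", salt, pepper, 1000)
    print(offline_crack(stored, salt, pepper, 1000, string.digits, 2))         # ('42', 43)
    print(offline_crack(stored, salt, b"wrong pepper", 1000, string.digits, 2))  # (None, 100)
```

The point the numbers make: at the assumed offline rate a 10^14 space falls in hours against an unstretched hash, a 100,000-iteration stretch pushes the same search to decades, and 10^30 is out of reach either way; through the login form itself neither space is feasible. The second `offline_crack` call shows why the pepper matters: without it the attacker exhausts the space and learns nothing.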


A weak password + two-factor authentication might still be safer than a strong password alone but it will be less safe than a strong password + two-factor authentication.

It all depends on how weak you go: if you go all the way and make the password trivial, you effectively end up with one-factor authentication (the Google text message to your phone). But this might still be safer than your original strong password.


First of all, the fundamental concept of TFA:

- something the user knows (the password you are using)
- something the user has (in the case of Google this is your phone: they send you a verification code to the phone number you have provided)

First, you have to understand that, judging by what you said:

But typing in those passwords all the time is a real hassle, especially on a phone or tablet.

this means that a lot of the time you are using Gmail from your phone, so if I have stolen or taken your phone for some time, your TFA becomes just OFA with your password. I will tell you even more: in some countries, if you have connections to people who work at mobile companies and have the appropriate access, they can simply issue your phone number to another person. Another thing is that the attacker can intercept the authentication process, by which I mean that an attacker can just take your phone right when you are supposed to get the message. Having got this paranoia out of the way, I will start from another angle.

Just think for a little bit: TFA was used a long time ago and is used right now by millions of customers every day, with a search space of 10000 (a 4-digit number). This is your bank card. How often was your card misused during your whole life? I assume not a lot. And I am pretty sure that most people would rather choose to get your money than to read your email.

Another point: Google is not the worst company and they really make sure your data is secure (if someone proves otherwise, they will lose to their competitors who will make sure). So I am pretty sure they handle everything in a correct way, and the reason they implemented TFA is to compensate for weak passwords.

This brings us to one of the most important issues in security: your security measures must be appropriate for the type of information you are trying to keep secret. Whenever I hear something like "I use a 40-digit password to access my weather forecast for tomorrow", my question is: why? I would just use 123 as the password. What will happen if I get it? You will just create another account. So what is the point? Of course this is an exaggeration.

But if you think that your correspondence is so important that someone will steal your phone and brute-force 16 characters to get it, most probably Gmail is not good for you, and most probably walking on the street without a bodyguard isn't either.