2FA best practices?

You need the Yubikey to download Bitwarden/Ente vaults to your local device, after that the protection of either depends on the device/app protection.

For convenience, people keep TOTP in BW because BW will fill the credentials in automatically/semi-automatically. But if the attacker has your device, can unlock your device, and can unlock BW (most likely another PIN or an additional biometric authentication), then they can access the accounts that also have TOTP secrets. However, people who use hardware keys will also not store TOTP with their important accounts because they also use hardware 2FA for those.

For additional security (or because it’s free), people will keep TOTP secrets in a TOTP app such as Ente. In this case, people can achieve additional security by protecting access to Bitwarden and the 2FA app differently, such as with 2 different PINs. They rely on the OS protections such that even if the phone is unlocked, the unencrypted Bitwarden/2FA app vaults cannot be extracted.