Yeah, but that's the problem! People constantly pick low-entropy passphrases, because they are used to regular passwords.
And then their account gets hacked with something that looks like offline brute-forcing.
So what if instead of doing
MessageDigest.getInstance("SHA-256").digest(secretPhrase.getBytes("UTF-8"))
we add something like PBKDF2 to improve security?
If we did something like this: https://bitcointalksearch.org/topic/m.4821453 then we could easily add Bitcoin-like wallet functionality. Let the computer use a good random number generator to generate the private key. The local machine could have its own "weak" password for the local wallet, and the blockchain address would not be able to be brute-forced.
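
The PBKDF2 suggestion above, sketched next to the single SHA-256 pass quoted in the thread. This is an added example, not part of the original posts or of the project's code; the class name, the salt construction, the iteration count and the sample phrase are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PassphraseKdfDemo {
    // Assumed values: tune the iteration count to the slowest client you must support.
    static final int ITERATIONS = 600_000;
    static final int KEY_BITS = 256;

    // Derivation quoted in the thread: one SHA-256 pass, so an offline guess costs one hash.
    static byte[] singleHash(String secretPhrase) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(secretPhrase.getBytes(StandardCharsets.UTF_8));
    }

    // PBKDF2-HMAC-SHA256: every guess now costs ITERATIONS HMAC computations.
    static byte[] stretched(char[] secretPhrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secretPhrase, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the phrase
        }
    }

    public static void main(String[] args) throws Exception {
        String phrase = "correct horse battery staple"; // constructed sample input
        // Assumption: the salt must be reproducible from what the user remembers,
        // here a fixed application label plus a user-chosen identifier (both made up).
        byte[] salt = "demo-app-v1|alice@example.com".getBytes(StandardCharsets.UTF_8);

        long t0 = System.nanoTime();
        byte[] fast = singleHash(phrase);
        long t1 = System.nanoTime();
        byte[] slow = stretched(phrase.toCharArray(), salt);
        long t2 = System.nanoTime();

        // Both outputs are 32 bytes; only the cost per guess differs.
        System.out.printf("SHA-256 x1: %d bytes in %d us%n",
                fast.length, (t1 - t0) / 1_000);
        System.out.printf("PBKDF2 x%d: %d bytes in %d ms%n",
                ITERATIONS, slow.length, (t2 - t1) / 1_000_000);
    }
}
```

Stretching multiplies the cost of each guess by a constant factor; it does not add entropy, so a passphrase drawn from a small dictionary stays guessable.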