This is all too true.
There was a thread recently where a Brainwallet.org user picked a very simple seed (as a trial run, only small quantity of BTC was transferred to the wallet). Someone out there was running a script that checked for really naive brain wallet seeds and emptying such wallets, and the same person posted back in the thread to let the OP know how it had happened to them.
I don't know what the best advice is: I've heard that even using 12+ word seeds can be discovered if you use dictionary or popular culture words, in English or any other language. So, Brainwallets are only secure from rainbow table style fishing when the seed is well chosen, and that the wallet file is created from the seed in a secure environment also. Do your best to get as much information about what the issues surrounding the creation of a secure brain wallet is
before you try it, even if a key has been safe for a given time period, you cannot assume it always will be.
Charlie Shrem has a curious twist on the concept: engraving a private key onto a ring, but with one character missing. That missing character is his brainwallet, effectively.
