I think brainwallets are very secure, provided that you REALLY understand what makes strong input for a brainwallet, and what doesn't.
For example, I use Sha2562(master key + passphrase) where "master key" is a long, complex, impossible to guess password that I also use for e.g. Keepass. And the passphrase (it's actually a phrase, not a word) is something I can remember easily, but is still kinda hard to guess. Together, I feel very confident that nobody on earth is ever going to guess or brute force it.
With Sha2562 I mean something similar to Sha256d (double Sha256) which Bitcoin uses, but instead of Sha256(Sha256(x)), I use Sha256(x+Sha256(x)).
Yes. However, it seems most people don't REALLY understand that. It seems simple and obvious to
an informed person, but it is not to the layperson, even when explained.
In another thread, we were discussing probabilities and someone remarked "I don't understand all this fancy math"
when there was no math involved except multiplication and perhaps exponentiation.
When you're smart/informed/talent, its easy to overestimate the abilities of others. So,
I get why brainwallets aren't recommended and even in your situation, the entropy can
only be estimated but not measured directly.
I just use electrum although I do believe in theory that you're right. If you truly know
what you're doing, you can create a strong brain wallet.