Come on man, people who know how to choose good passwords and store them correctly while using brainwallets are as safe as using other "normal" wallets. I have seen so many stupid missuses with the wallet.dat files so far that are as bad as bad brainwallet passwords.
This means nothing, if people are using brainwallets, they are not less safe automatically.
Yes, they absolutely are less safe automatically. A person who wants to break your wallet.dat password must have your wallet.dat file. Brainwallets have no file.
Brainwallet cracking tools can run extremely fast - the cracking can be run offline against an indexed version of the blockchain, and can be distributed among many bots. A password of "m2wAHUnF91z" for instance (created from LastPass, and bearing approximately 51-57 bits of entropy, depending on how it's calculated) is absolutely reasonable for a wallet.dat password. It is absolutely NOT fine as a brainwallet key. Brainwallets should have no less than 128 bits of true entropy.
Creating a safe brainwallet is possible, but it is very difficult to do correctly. You have to forget everything you've learned about how to pick a good password.
Wait, you take a dictionary, even an English one (even better if you are a foreigner so you use a foreign dictionary, but lets assume you use and English one) and you choose 12 random words of 6+ letters (even 5 letter words are OK but just to make sure) and you will have a random password with 128 bit+ entropy which is very safe. Of course, you write it down on a piece of paper.
The problem is that average people don't know that's done like this correctly and they use famous phrases and other crap instead.