Security is a trade-off between complexity and convenience. Binary arguments about security mean that your data might never get stolen but no one uses the software - just ask PGP.
My opinion is that brain wallets aren't the most secure but they are secure enough for many non-technical users. If it is a commercial service that is being offered, then there are other measures to mitigate the risk of loss, like insurance - an admission that it can occur and allow compensation according to risk probability.