Board: Development & Technical Discussion
Re: Brainwallet
by curiosity81 on 02/01/2018, 14:49:04 UTC
Clearly, using a sentence from a book or similar and adding or replacing characters can make the brainwallet harder to break, combined with a weird and high number of hashing rounds, even though keys can be collected in each round.
"Speed Optimizations in Bitcoin Key Recovery Attacks" gives examples of the passwords the researchers cracked. I think most people would consider {1summer2leo3phoebe to be quite strong.

I do not think that this is a secure seed. Take numbers from 1 to 1000 and 100.000 possible words. Then you have roughly 100*(1000^3)*(100.000^3) = 10^26 = 2^86 possibilities if you sample with replacement (I count the "{" as a character from the set of all printable characters on a standard keyboard; I think there are roughly 100). And in this example the order and alternation are not considered. This is definitely too few, especially since you can order the words in a dictionary by their usage, as some words are more likely to be used by humans. Moreover, an attacker would compute the key pairs once, maybe with optimized hardware. Each such brainwallet would be robbed in no time.

Quote
Quote
If you are paranoid enough, you would never use a hardware wallet from some manufacturer. Firstly, the hardware can break. Secondly, the hardware can be manipulated. Not necessarily by the manufacturer, but during shipment (except you buy it directly in a shop without providing your identity). Thirdly, the seed sentence can be stolen.
I don't worry about your First concern, because of the recovery seed. The Third concern is a risk similar to paper wallets, but it's the Second concern that has until now stopped me from getting a hardware wallet. No matter how much the manufacturer is trusted, a hardware wallet is a black box to me, and I can't possibly check how it generates its seed phrases.

ACK. But even if your hardware wallet almost never breaks, the law of big numbers dictates that one will break within a few years, provided enough such wallets exist. My concern is that at some point in time the hardware is not supported anymore. What if someone passes the hardware wallet to his / her children or grandchildren, but the computers have no USB port anymore? Today, who has a working floppy disk drive at home? And floppy disk drives were relatively common around 2000, even though not state of the art even then. Even today, CD/DVD devices are not standard anymore.

I would prefer a system which follows the KISS principle (KISS = Keep It Simple Stupid) for long-term archiving: Firstly, the code should be easily reproducible. I am not sure if bash is perfect for this. But I like it, since most algorithms are already developed by experts and available on a standard Linux system. They only have to be plugged together. Secondly, code should be easy to understand (which might be a little bit contradictory with respect to bash syntax). (In my case, comments are still missing in some scripts at the moment. And the code is not yet uniform with respect to mathematical computations.) But it should be possible to print out the scripts and the Linux version used and archive them in a bookcase or similar. It would be much better if they could be carved in stone or glass.

Yes, one could argue that Bitcoin might be obsolete in a few years. But this is no counter-argument against secure long-term archiving.

Quote
Quote
But for a coldwallet, I would claim that a "brainwallet" with a complex passphrase / seed is the best choice.
I wouldn't trust my own memory to be able to reproduce the password after (say) 20 years. Most of my long passwords are used on a daily basis, so they're easy to remember. The brainwallet needs to have a unique password, and if I don't use a password for a very long time, chances are I forget part of it.

I think that it is not possible to remember a strong passphrase if you do not use it daily. Thus, you must think about a secure way to archive it. Some non-digital method, similar to 2FA.
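The candidate-count estimate from the reply above, worked through as an added example that is not part of the original post. It assumes the reply's class sizes (1000 numbers, a 100,000-word dictionary, about 100 keyboard characters) and an attacker who already knows the token pattern, and it also shows how the count shrinks when the words come from a frequency-ordered dictionary:

```python
import math
import re

# Choice-set sizes assumed in the estimate above (constructed defaults, not
# measured values): numbers 1..1000, a 100,000-word dictionary and roughly
# 100 printable characters on a standard keyboard.
DEFAULT_CHOICES = {"number": 1000, "word": 100_000, "symbol": 100}

# A token is a run of digits, a run of letters, or a single other character.
TOKEN_RE = re.compile(r"[0-9]+|[A-Za-z]+|[^0-9A-Za-z]")


def tokenize(passphrase):
    """Split a passphrase into its number, word and symbol tokens."""
    return TOKEN_RE.findall(passphrase)


def token_class(token):
    """Classify a token by the choice set it is drawn from."""
    if token.isdigit():
        return "number"
    if token.isalpha():
        return "word"
    return "symbol"


def candidate_count(passphrase, choices=None):
    """Number of passphrases sharing this token pattern, each token drawn
    independently (with replacement) from its class. Because the pattern is
    assumed known, this is an upper bound on the strength."""
    sizes = {**DEFAULT_CHOICES, **(choices or {})}
    total = 1
    for tok in tokenize(passphrase):
        total *= sizes[token_class(tok)]
    return total


def entropy_bits(passphrase, choices=None):
    """log2 of the candidate count, i.e. bits of entropy under the pattern model."""
    return math.log2(candidate_count(passphrase, choices))


def frequency_ordered_bits(passphrase, common_words):
    """Entropy if every word lies among the `common_words` most frequent words,
    which a dictionary ordered by usage (the reply's point) would try first."""
    return entropy_bits(passphrase, {"word": common_words})
```

For "{1summer2leo3phoebe" the model reproduces the reply's 10^26 candidates (about 86.4 bits); restricting the words to the 5,000 most common drops this to about 73.4 bits.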