A guy who used
sha256 of poem written in exotic language as private key lost his brainwallet recently, so yeah you could make your own dictionary, maybe someone thinks that nobody will think about using password directly as key or MD5 of passwd and you will be the one who will teach him a lesson about security practices. Be creative in choosing which keys to check and you might hit big. Of course properly generated private keys are safe (well until you use them with
bad RNG).
Great idea. Visitor can paste in a target address, OR enter a phrase to generate into a brainwallet to sweep. The system tries a set of variations on the phrase - different word order, some words missing, letters replaced by numbers, etc.
Once people realize that any bored kid with a computer can spend their spare time attempting to hack brainwallets, perhaps people will stop relying on them so much.