Board: Development & Technical Discussion
Topic: Re: Pondering a Highly Secure Deterministic Brainwallet
by plaprade on 01/12/2013, 14:24:49 UTC
I wanted to add the following notes to this discussion if you find them relevant:

  • Security through obscurity is bad. Don't do it. You must always assume that an attacker knows your password generation schemes.
  • In light of the previous point, the only correct way of generating a brain wallet is to pick characters or words with sufficient entropy in a completely random fashion. For example, a 12-word diceware (where the random process is the result of throwing dice). An attacker that knows you used diceware to generate your passphrase cannot recover any information on it.

If you don't follow these elementary security practices, you will get hacked. Don't play with fire when your money is at stake.
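
An added example, not part of plaprade's post: converting physical dice rolls into diceware word indices and computing the entropy that remains when the attacker knows the scheme and the word list. It assumes the usual diceware layout of five six-sided dice per word over a 7776-word list; the placeholder word list, sample rolls and function names are constructed for illustration.

```python
import math

DICE_PER_WORD = 5                 # five d6 rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 entries in a diceware-style list

# Constructed stand-in for a real word list (assumption: any list of
# 7776 distinct words works the same way).
PLACEHOLDER_LIST = ["w%04d" % i for i in range(LIST_SIZE)]

def rolls_to_indices(rolls):
    """Map a flat sequence of physical d6 results (1..6) to list indices."""
    if not rolls or len(rolls) % DICE_PER_WORD:
        raise ValueError("need a non-zero multiple of %d rolls" % DICE_PER_WORD)
    if any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("every roll must be an integer from 1 to 6")
    indices = []
    for start in range(0, len(rolls), DICE_PER_WORD):
        idx = 0
        for r in rolls[start:start + DICE_PER_WORD]:
            idx = idx * 6 + (r - 1)   # base-6 digits, most significant first
        indices.append(idx)
    return indices

def passphrase(rolls, wordlist):
    """Build the passphrase; refuse lists that would bias or shrink the space."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold %d distinct words" % LIST_SIZE)
    return " ".join(wordlist[i] for i in rolls_to_indices(rolls))

def entropy_bits(n_words):
    """Entropy left when the attacker knows the scheme and the word list."""
    return n_words * math.log2(LIST_SIZE)

def expected_guesses(n_words):
    """Average guesses for an exhaustive search: half the keyspace."""
    return LIST_SIZE ** n_words // 2

if __name__ == "__main__":
    # Constructed sample rolls; real ones come from physical dice.
    sample = [1, 1, 1, 1, 1,  6, 6, 6, 6, 6,  2, 1, 1, 1, 1]
    print(passphrase(sample, PLACEHOLDER_LIST))
    print("12 words: %.1f bits" % entropy_bits(12))
```

Every roll sequence maps to exactly one word sequence, so the entropy figure depends only on the number of words and the list size, not on keeping the method secret.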