Especially they claim that addresses which start with "1" and addresses generated with secret words (thus brain wallet) are not secure at all. I'm not familiar with the details that much but this seems dangerous to me, because almost every system generates addresses using brain wallet method with 7-8 words. This makes the most addresses weak.
No, you misunderstood this.
A private key is a 256 bit random number. And the hash function SHA-256 does produce a 'random-looking' output (depending on the input).
So quite a few people came to the idea to hash a 'password' to generate a 'random looking' number.
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 <-- This may look random. But it is the output of sha256('password').
So people started using passwords to generate private keys (thefore 'brain wallet').
Then smarter people started to program bots who create hashes of the most common passwords, most common prases, books, etc... to collect all the money stored in such 'brain wallets'.
While you think you may be able to find a 'random' input, it will always be less random than using a machines entropy pool. A human brain is very very far away from 'random'.
Now wallets nowadays do use entropy to achieve
randomness. A
random seed is generated, which is then being encoded into 12/24 words (this makes it easier for user to backup / memorize the seed and it is less error-prone when typing).
Those are NOT brain wallets. And NEITHER can they be bruteforced or hacked.
It is just a differend form of representing the
random seed which is used to derive all of the public-/private- keypairs.