You say that it is scary, but that is exactely what is happening with BTC and the brainwallet apllication. Someone created huge rainbowtables and runs a bot that detects incoming tx and just sweaps all accounts. Everything that is shorter than 12-14 digits ist just sweapt within <0.5 seconds.

or the next release can you change "Your secret phrase is too short
and can be easily picked by a hacker!" to be "This passphrase is too short, and will most likely result in NXT being stolen! Do not use words, sentences, or any literary or common phrase or sentence.  A secure passphrase will be at least 35 characters long and consist of random numbers, letters, and special characters.  Or you can use a combination of 10 random words that make no sense when put together"

also, when the user attempts to unlock an account, when the popup that comes up with the text box for the user to enter the passphrase in, please also print "A simple passphrase will most likely result in NXT being stolen! Do not use any common phrase or a sentence that makes common sense, or that is common in spoken/literary world.  A secure passphrase will be at least 35 characters long and consist of random numbers, letters, and special characters.  Or you can use a combination of 10 random words that make no sense when put together"