If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey.
why do we need #0 if it's so easy to brute force it then?If the user loses either of the seeds, it takes 60 seconds + 1 day.
no, if you loses both seeds you die 
Edit: yep, if I lose one of #1 or #2 seeds it gonna take a month to brute force it of a couple of weeks with 50% probability if I'm lucky guy.
If I lose both seeds I'm in the deep trouble even if I'm extremely lucky.