If the user has the passphrase, seed #1, and seed #2, all it takes is (say) 60 seconds to brute force the internal seed, and generate the correct privkey.
why do we need #0 if it's so easy to brute force it then?
Shrug. I guess as some extra protection if the two main seeds (which would need to be printed out or stored somewhere) are recovered by an attacker.
Without seed #0 the attacker would only need to bruteforce the passphrase, but by requiring the additional (unknown) seed the work is increased by a factor of at least a few million.
Disclaimer: I'm not a cryptographer, so I freely admit these ideas are probably a little crazy.