I'm not saying it would be convenient, certainly not for day to day use (but then most people aren't transacting in huge amounts day to day so they might as well keep two trezors, one without a passphrase, another with a secure passphrase they'd use only occasionally), I just said that in case someone thought no funds are safe on a Trezor, and that's with several assumptions: the attacker gains physical access to the device, the attacker has a lot of resources (i.e. willing to design and produce ASICs just to get to the coins) and the user wants security comparable to a 24 word passphrase from a set of 2048 words. And yeah, it'd actually have to be 37 randomly chosen characters.

In reality 5 randomly chosen words from a 300k word dictionary (e.g. Webster's) would still be more than enough and more user friendly. It'd also be a slightly stronger passphrase than one from randomly choosing 7 words from a set of 7776 words (long diceware word list).