I added an iteration field which will loop sha256 before generating the mnemonic to discourage bruteforce attack, in my browser 1000000 will take approx 20 seconds to compute.
that does nothing not to mention that your code has a bottleneck otherwise 1 million SHA256 of a small input (passphrase) would only take half a second to complete. even if it were 20 second it still doesn't increase the security at all because the idea of using a brainwallet is flawed on its own whether it is creating a key or a mnemonic.