Board Development & Technical Discussion
Re: Brain Wallet for BIP39
by
HCP
on 05/05/2020, 11:17:46 UTC
We know that it is pretty much impossible to find collision in SHA256, so if I use it with my passphrase there is no other way for attacker to guess it, am I wrong?
Yes, you are wrong, as I think you're misunderstanding what a "collision" actually is...

A collision is not someone being able to guess whatever it was you have hashed... a collision is two different values that will generate the same hash result, i.e. SHA256(X) == SHA256(Y) would be a collision.

Regardless of whether or not you use SHA256, the strength of your brainwallet lies purely in how long and complicated the passphrase actually is... and generally speaking, it is simply not going to be as random and have as much entropy as a properly (randomly) generated seed/private key.

Given some of the stories that have been floating around (i.e. https://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/ and https://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/), there have been (and there probably currently are) a lot of people running all sorts of scripts and bots that generate/monitor various Bitcoin addresses that are generated from brainwallets (essentially SHA256(passphrase)).

Therefore, it is not out of the realms of possibility that some users have also considered using something similar to generate BIP39 seeds the same way... after all, you thought of it!

"At christmas 2002 my oncle Joe came drunk for the dinner. My first girlfriend did not like french fries"
It is interesting to note that the fact that you are using 'proper' English sentence structure and grammar is already reducing the entropy... as there is a relationship and pattern to the words.

Compared with something like: "extra card place track tower violin slim window soul identify tray galaxy" where they are in no way related to each other and there is no defined structure.
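The point HCP is making, that SHA256 adds no entropy and that the key is only as unpredictable as the passphrase it was derived from, can be shown directly. The following is an added example and not code from the post or from any wallet project: it hashes every passphrase in a small constructed space (the two tiny word lists are made up for illustration) and shows that the number of distinct keys, and therefore the bits of unpredictability, is bounded by the number of distinct passphrases, no matter that SHA256 produces a 256-bit digest. It also computes how many bits of entropy a BIP39 mnemonic of a given length encodes, using the BIP39 rule that a mnemonic of ENT entropy bits carries ENT/32 checksum bits in (ENT + ENT/32)/11 words.

```python
import hashlib
import itertools
import math
import secrets

# Constructed toy passphrase space: 3 adjectives x 4 nouns = 12 passphrases.
# Any structured, guessable pattern behaves like this, only with a larger
# (but still enumerable) space.
ADJECTIVES = ["red", "blue", "green"]
NOUNS = ["cat", "dog", "bird", "fish"]


def brainwallet_key(passphrase: str) -> bytes:
    """A brainwallet in the sense discussed above: private key = SHA256(passphrase)."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def toy_passphrase_space():
    """All passphrases in the constructed space, e.g. 'red cat'."""
    return [f"{a} {n}" for a, n in itertools.product(ADJECTIVES, NOUNS)]


def distinct_keys(passphrases) -> int:
    """Number of distinct keys obtainable from a set of passphrases.
    Hashing is deterministic, so this can never exceed len(set(passphrases));
    with a collision-resistant hash it is in practice exactly that."""
    return len({brainwallet_key(p) for p in passphrases})


def key_entropy_bits(passphrases) -> float:
    """Bits of unpredictability of the key if the passphrase is chosen
    uniformly from the given space. The 256-bit digest size is irrelevant;
    only the size of the input space matters."""
    return math.log2(distinct_keys(passphrases))


def bip39_entropy_bits(word_count: int) -> int:
    """Entropy bits encoded by a BIP39 mnemonic of `word_count` words.
    BIP39: MS = (ENT + ENT/32) / 11, so ENT = word_count * 32 / 3."""
    ent = word_count * 32 / 3
    if ent != int(ent) or ent not in (128, 160, 192, 224, 256):
        raise ValueError(f"{word_count} words is not a valid BIP39 mnemonic length")
    return int(ent)


def generate_seed_entropy(word_count: int = 12) -> bytes:
    """The proper alternative: random entropy from the OS CSPRNG, sized for
    the mnemonic length (16 bytes for 12 words, 32 bytes for 24 words)."""
    return secrets.token_bytes(bip39_entropy_bits(word_count) // 8)


if __name__ == "__main__":
    space = toy_passphrase_space()
    print(f"passphrases: {len(space)}, distinct keys: {distinct_keys(space)}")
    print(f"key entropy from this space: {key_entropy_bits(space):.2f} bits")
    print(f"SHA256 digest length: {len(brainwallet_key(space[0])) * 8} bits (does not help)")
    print(f"12-word BIP39 mnemonic: {bip39_entropy_bits(12)} bits of entropy")
    print(f"fresh 12-word entropy: {generate_seed_entropy(12).hex()}")
```

Running it prints 12 passphrases and 12 distinct keys, about 3.58 bits of unpredictability for the toy space, versus 128 bits for a 12-word mnemonic generated from the OS random source. The comparison holds for any passphrase drawn from a pattern an attacker can enumerate: the digest is 256 bits wide, but the set of digests that will ever be produced is exactly the set of passphrases that will ever be tried.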