12-words have about half a billion combinations that a typical computer can do in minutes/hours using BTCRecover (given that he knows one of the wallet's addresses).
24-words can stretch the time a lot longer but getting the correct order once all of the words got compromised is still inevitable.
I think that's a little misleading.
12! is indeed half a billion, and could be brute forced in a few hours, as you say.
However, 24! is over 1 quadrillion times bigger than that.
Even if 12! could be brute forced in a single second, 24! would take over 41 million years.
I still wouldn't feel at all comfortable knowing that all 24 words of my seed phrase had been leaked, and I would still move all my coins to a new wallet as soon as possible, but practically speaking, they would still be safe for all intents and purposes.