Just read this
Security benefits and risks
Just as the PIN is used to protect your device, we can say that the passphrase serves as second-factor protection for your seed.
It only exists in your head
Because the passphrase is not stored anywhere on the device, it is impervious to any attacks involving physical access and tampering with the chip. Furthermore, if somebody compromised your physical copy of the recovery seed, they still would not be able to access your passphrase protected wallet unless they knew the passphrase.
This is all very interesting, because I also use a passphrase in my Trezor, where I store the main amount of my funds. And my password is quite long - more than 30 characters. Such a password will probably be very difficult to guess using the brute force method.
But what if someone uses a fairly simple password (qwerty or something like that), and the attacker has physical access to your Trezor, can he use some kind of software to quickly find the password for the Trezor? Or will he get twice the waiting time every time if the password is incorrect?