But what if someone uses a fairly simple password (qwerty or something like that), and the attacker has physical access to your Trezor, can he use some kind of software to quickly find the password for the Trezor? Or will he get twice the waiting time every time if the password is incorrect?
A passphrase is temporary, Passphrase has not stored anywhere on the device (Trezor or PC). if someone has physical access to your Trezor he only thinking about you (your name, your birthday, car and etc). whatever he entered the word (incorrect), Trezor will be opening, but with a different address of course.