I disagree because the real question we have to ask first is "why are we using a KDF in this scheme?".

• If it is for security, then PBKDF2 should not even be used. There are other mode advanced and memory expensive KDFs such as scrypt that could provide a much better security. Changing PBKDF2 iteration to a safer value (which is above 10 million according to RFC8018 recommendation) would just slow down the derivation process and would harm user experience.
• But if this KDF is there to only provide a way to use the same 12 to 24 words but derive different BIP32 seed by adding and changing a "passphrase" then it makes sense to use such a low iteration of such a weak KDF. Heck, I'd say we shouldn't even use a KDF, just replace it with a simple single HMACSHA512 to act as a Key Derivation Function.

This second case is in my opinion the actual reason for using PBKDF2, which is why I disagreed. The authors also mention the "plausible deniability" as the reason.