But just for the sake of argument, to your way of thinking, how many hashes would make it become "safe"?
It's a bit different, but check
https://keybase.io/warp.
yeah warpwallet is a pretty serious attempt to make a real strong brainwallet. uses 2^18 iterations. takes a ton of time on my little computer.
as for the OP's implementation as he mentioned he just uses a single sha256 of the passphrase. unless someone has a seriously hard to guess password you can't really expect it to not be hacked. i guess you could always salt the passphrase with your email address manually so they would have to "target you individually" then if they didn't know you yourself were using a brainwallet well, they wouldn't be able to do anything!