Board Development & Technical Discussion
Re: Bitcoin brainwallet implementation in Rust
by
PrimeNumber7
on 08/11/2021, 04:57:17 UTC
Well, it is only 0.00000000000000000000000000000000000000000000000000000014% of all possible SHA256 hashes (assuming a bijective mapping, so probably a bit higher, if there are collisions).

True, but in the context of a brainwallet we aren't talking about 256-bit entropy. We are talking about user-provided passwords, and in this context even a big 8-character passphrase consisting of random alphanumerical characters (e.g. _Cf}u$b0) needs computing 6 quadrillion hashes (0.006 quintillion) in total, so the "165 quintillion hashes per second" rate is huge.

I do see what you're saying and it caused me to reconsider exactly what is a brainwallet. At first I didn't think it would be something someone has to "remember". But you are taking that to be a requirement.

What if I or someone else came up with some super-secretive procedure for taking a phrase and turning it into a 256-bit private key? Since the method is not published and only exists in their head, although they would have certainly tested it on a computer at some point, as long as they remember the procedure and the passphrase, I don't see how someone would be able to crack that. And the phrases could be very simple, and yet since no one has the secret method, they don't even know where to start even if they know the phrase itself. Yes, the sample space has lower entropy, but the problem is that you can't just check all 8-character passphrases because you don't even know the algorithm for converting them into a private key.

So maybe a particular method of generating a private key has 30 (for example) bits of entropy, but because an adversary does not know the first step in creating the private key, it would appear the private key actually has 120 bits of entropy.

For example, someone might call numpy.random.choice([0, 1], size=90), but only after calling numpy.random.seed(420), and prior to doing something that creates 30 bits of actual entropy. The private key would probably remain "private" for a long time, but once an adversary figures out the procedure, any private key created via the above procedure would be quickly learned by adversaries.

Maybe no one thinks to try the above procedure for a long time, but one day, someone learns that the above person has a lot of coin, their favorite number is 420, and they like to generate their private keys via non-standard methods. This might lead someone to try to generate private keys via pseudo-random methods in various ways using '420' as the seed, up to a certain level of entropy that can be easily cracked.