Agreed, but we should really be talking about 2¹²⁸ rather than 2²⁵⁶. Since secp256k1 provides 128 bits of security for your key pairs, then it is irrelevant whether your seed phrase is 128 bits, 256 bits, or even 4,096 bits; the resulting private keys will still have 128 bits of security.

I don't know if this is actually how it works in ERC or BEP tokens since I don't own any shitcoins, but that is a terrible design if it is accurate. Leaking a single private key allows someone to simply increment a single digit and derive all your other private keys? In bitcoin, sibling keys are derived from the parent keys using a one way hash function, meaning there is no relationship between sibling keys.