Board: Development & Technical Discussion
Re: Randomly picking 24 words from the BIP39 wordlist
by
Pmalek
on 01/12/2022, 09:22:55 UTC
⭐ Merited by Cricktor (1)
Quote
If a wallet or the tool you use for generating the seed phrase is open-source and the code has been reviewed, there's nothing to worry about.

That depends on the quality of the people reviewing the software and all other community members, and on their ability to spot vulnerabilities in a piece of code. It also depends on how long it takes them to do it: 1 day, 1 month, 1 year, 10 years.... A vulnerability that gets discovered and patched in a day is totally different from something that's out there publicly for a year, for example.

Here is a good article that mentions a few interesting points:
https://thehackernews.com/2022/11/last-years-open-source-tomorrows.html

Quote
Finding open source vulnerabilities is typically done by the maintainers of the open source project, users, auditors, or external security researchers. But despite these great code-archaeologists helping secure our world, the community still struggles to find security flaws.

On average, it takes over 800 days to discover a security flaw in open source projects. For instance, the infamous Log4shell (CVE-2021-44228) vulnerability was undiscovered for a whopping 2649 days.

The analysis shows that 74% of security flaws are actually undiscovered for at least one year! Java and Ruby seem to have the most challenges here, as it takes the community more than 1000 days to find and disclose vulnerabilities.