PIN code is saved on device and that means that it can be hacked and extracted, it's just a matter of time when this will happen.
PIN in our case is never stored on the device, it stored on the X1 cards that are EAL 5+ certified. The share on the device is encrypted too which is decrypted only when the card is unlocked. Hence, even if someone hacks the device, they cannot brute force the PIN.
Advantage of additional passphrase compared to PIN code is that it is not stored anywhere on device and there is nothing that can be hacked.
But you can bruteforce the passphrase compared to PIN which is dangerous if it is a short pass phrase. Passphrase we don't recommend to basic users. At the same time, if you want, you can setup the passphrase on our wallets as well.
I am not saying PIN codes are bad for hardware wallets, but I wouldn't trust them to keep my coins safe.
I think it comes down to personal preference. Since there is the geographical distribution of the cards as well in our case, there are users who don't even set a PIN and rely on the geographic distribution as a security mechanism.