This is correct, but also dependent on your passphrased wallet having a strong enough passphrase.

Let's say an attacker steals your seed phrase and empties that wallet. You have an additional hidden wallet which uses this seed phrase along with a weak passphrase. You passphrase might be a single word, or just a couple of characters, or something related to you personally such as your name or birthday or whatever. An attacker could either guess your passphrase or simply bruteforce it. There is plenty of software which will allow an attacker to attempt millions of possible passphrases a second and check the corresponding wallets for funds.

For that reason, you should ensure any passphrase you do use is strong enough to protect your wallet on its own, in the event that your seed phrase is compromised. This usually means either a long and random string of characters and symbols as might be generated by a good password manager, or a further string of words not dissimilar to your seed phrase itself. Your passphrase should also obviously be backed up on paper separately to your seed phrase. And as soon as an attacker has your seed phrase, you should consider your passphrased wallets at risk, and move all the coins within to a new seed phrase +/- passphrase.