Quick one though, in practice, do you think changing the passphrase is more secure than just relying on deep path branching? For example if someone brute-forces a seed, is a strong passphrase still a decent second line of security?
I feel if someone steals your seed phrase they can't access your wallets without the correct passphrase. It is like a second layer of protection.
Both could provide similar additional security depending on the permutations the attacker has to go through. For example, if you set the derivation path to something crazy like m/43215'/207241803/98465413'/2241/95124059, that is a huge search space (at least 4.2 billion ^ 5 = 1.46e+48 assuming the attacker knows the depth is 5), which is impossible to brute force.
But the problem with the derivation path is that sometimes wallets don't really let you choose it. They just use the default ones like m/44'/0'/0' but they let you add that extra passphrase to extend your mnemonic. In other words, using the passphrase is more convenient than the derivation path because it is a more "standard" way of doing things.
And if a strong enough passphrase is used, it can provide that second layer of security that is strong enough that it cannot be broken by brute force.
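An added example, not part of any post above: assuming the thread is about BIP39 mnemonics and BIP32 paths, it shows where the passphrase enters seed derivation (as part of the PBKDF2 salt) and sizes a passphrase against the depth-5 path search space quoted above. Function names are illustrative, and the entropy figures assume symbols or words chosen uniformly at random.

```python
import hashlib
import hmac
import math
import unicodedata

# Public BIP39 test-vector mnemonic (all-zero entropy); sample input only.
TEST_MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text: str) -> bytes:
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master (private key, chain code) derived from a seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def path_bits(depth: int) -> int:
    """Each path level is a 32-bit index (hardened flag included)."""
    return 32 * depth


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose symbols are picked uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: int, alphabet_size: int) -> int:
    """Shortest random passphrase that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    # Same mnemonic, different passphrase: unrelated master keys and wallets.
    for pw in ("", "TREZOR"):
        key, _ = bip32_master(bip39_seed(TEST_MNEMONIC, pw))
        print(f"passphrase={pw!r:10} master key={key.hex()[:16]}...")
    target = path_bits(5)  # the depth-5 path from the post: 2**160 candidates
    print("depth-5 path:", target, "bits")
    print("random printable-ASCII chars to match:", min_length(target, 94))
    print("random 7776-word-list words to match:", min_length(target, 7776))
```

A human-chosen passphrase has far less entropy than these uniform-random figures, so the length needed in practice is higher than `min_length` reports.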