pull down to refresh

If you're doing single sig, yeah definitely use a passphrase. The passphrase is essentially an additional seed word... You just have to make sure you don't lose it, because if you do, you've lost your funds. It's not a great solution for long term storage IMO.
Multisig eliminates the need for a passphrase for a couple of reasons: 1 - you need to know which wallets are connected to withdraw from, so even if you were able to predict seed phrases, you'd still have your work cut out for you trying to find multisig wallets 2 - you wouldn't know if you found a multisig wallet or not, and can't withdraw without the xpubs anyway
That's way more complicated for the attacker, and it's way more difficult for the user to lose their funds.