Thank you for this detailed explanation!

if you are using singlesig without a passphrase you are vulnerable to an attack where if anyone can sweep your funds if they physically find your seed. I see passphrase as a physical two factor without going down the full complexity of a 2of2 multisig wallet.