typo: "reduced"
Edit: My conclusion (see comments in the thread) is that even a rather weak password added to the 12-word seed is sufficient to boost the seed's overall entropy from 128 bit to above 160 bit, which is the entropy of a private key itself (due to the RIPEMD160 hash).
So with a sole 12-word seed, a brute-force attacker would be much better off attacking the seed (128 bit) than the private key itself (160 bit). But with a moderately complex 13th password on top of the 12-word seed, the seed's entropy would exceed 160 bit and the attacker would be better off brute-forcing the private key directly.
Important: This logic only holds if I do NOT use the password-free 12-word-seed wallet at all! Because if I store some dummy bitcoins on the wallet without passphrase, the successful attacker has already found a valid seed with a 128-bit attack and needs negligible additive (instead of otherwise multiplicative) extra effort (say 32 bits) to find my full wallet, which has thereby lost its 160-bit security!
submitted by /u/Amichateur
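The additive-versus-multiplicative point in the post, as a scaled-down model (an added example, not part of the original post). Assumptions: `wallet_id` is a plain SHA-256 stand-in rather than real BIP39 derivation, seeds and passphrases are small integers, and the 10-bit/6-bit sizes are toy values; `work_bits` applies the same counting to the post's 128-bit seed and 32-bit passphrase.

```python
import hashlib
from math import log2

def wallet_id(seed, passphrase=None):
    """Toy stand-in for wallet derivation (assumption: plain SHA-256, not BIP39)."""
    extra = b"" if passphrase is None else passphrase.to_bytes(4, "big")
    return hashlib.sha256(seed.to_bytes(4, "big") + b"|" + extra).digest()

def joint_search(target, seed_bits, pass_bits):
    """Only the passphrase wallet exists on-chain: a guess is confirmed
    only when seed AND passphrase are both right (multiplicative cost)."""
    tries = 0
    for seed in range(2 ** seed_bits):
        for pw in range(2 ** pass_bits):
            tries += 1
            if wallet_id(seed, pw) == target:
                return tries
    return None

def staged_search(decoy, target, seed_bits, pass_bits):
    """The passphrase-free wallet is funded too: it confirms the seed on its
    own, so the passphrase is searched once afterwards (additive cost)."""
    tries = 0
    for seed in range(2 ** seed_bits):
        tries += 1
        if wallet_id(seed) != decoy:
            continue
        for pw in range(2 ** pass_bits):
            tries += 1
            if wallet_id(seed, pw) == target:
                return tries
    return None

def work_bits(seed_bits, pass_bits, decoy_funded):
    """Worst-case guesses, in bits, at real sizes (no enumeration needed)."""
    if decoy_funded:
        return log2(2 ** seed_bits + 2 ** pass_bits)
    return float(seed_bits + pass_bits)

def toy_counts(seed_bits=10, pass_bits=6):
    """Constructed worst case: the secret is the last value in each range."""
    seed, pw = 2 ** seed_bits - 1, 2 ** pass_bits - 1
    target, decoy = wallet_id(seed, pw), wallet_id(seed)
    return (joint_search(target, seed_bits, pass_bits),
            staged_search(decoy, target, seed_bits, pass_bits))

if __name__ == "__main__":
    print(toy_counts())
    print(work_bits(128, 32, False), work_bits(128, 32, True))
```

In the toy model the funded decoy cuts the worst case from 2^16 guesses to 2^10 + 2^6; at the post's sizes the same counting gives 160 bits without the decoy and essentially 128 bits with it.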
Author: Reddit.com