[deleted] I'm not implying that at all. Nothing is impenetrable, though. As always, staying up-to-date is important, and considering your threat model (which you've mentioned is low) is just as important.
Most people don't have to worry about their adversaries being privy to secure element exploits, if they exist, that they can use to bruteforce the device.
Choosing or not choosing to rely on the secure element has always been something the project's talked about, and how to approach your password situation accordingly.
Please take a look at a recent post I made here, which also references a more detailed reply by the GrapheneOS account: