Either the passphrase is convinient and memorisable but easily bruteforceable or it has enough entropy but then it's just like a 2 of 2 multisig which is much more dangerous for loss of funds than a 2 of 3 multisig. You can make the case that using a passphrase + having decoy funds in the non-passphrased wallet would help against unsophisticated attackers.