Two passwords for login process

There are other deterrents to brute force. If you dig under the hood, in the code you will find Scrypt-based password hashing:
https://github.com/maidsafe/safe_core/blob/master/src/core/client/user_account.rs#L188

We currently set the values to libsodium/crypto_pwhash_scryptsalsa208sha256.h at master · jedisct1/libsodium · GitHub and libsodium/crypto_pwhash_scryptsalsa208sha256.h at master · jedisct1/libsodium · GitHub

That means we use around 16 MB of RAM and over 500 thousand computations (thus a lot of CPU cycles), twice, to generate the final crypto keys which will locate and decrypt your account. Brute forcing a plain-text password as mentioned shouldn't be as easy. Further, those limits are currently a recommended baseline. If increased, it can be made to utilize ~1 GB of RAM and an intense number of CPU cycles (as mentioned here, ~2 secs on a 2.8 GHz i7!). So while the correct credential will take ~2 secs to generate the correct keys and then fetch the packet from the network and then decode it, a rapid succession of incorrect ones stands a slim chance. If you choose a strong password yourself, plain-text brute forcing is going to be a big ordeal.

10 Likes
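As an added illustration (not code from the post or from safe_core), the Python below maps a libsodium-style (opslimit, memlimit) pair onto scrypt's (N, r, p) and runs the derivation twice with `hashlib.scrypt`, so the cost per guess the post describes can be measured. Assumptions: the constants are libsodium's interactive and sensitive limits (taken to be the values the post's links point at), the parameter rule is my reconstruction of libsodium's `pickparams()`, and the salting scheme in `account_keys()` is invented for the demo, not safe_core's construction.

```python
import hashlib
import time

# libsodium crypto_pwhash_scryptsalsa208sha256 limits (assumed to be the post's linked values).
OPSLIMIT_INTERACTIVE, MEMLIMIT_INTERACTIVE = 524288, 16777216     # ~500k ops, 16 MiB
OPSLIMIT_SENSITIVE, MEMLIMIT_SENSITIVE = 33554432, 1073741824     # the ~1 GiB tier


def pick_params(opslimit, memlimit):
    """Translate (opslimit, memlimit) into scrypt's (N, r, p).
    Reconstruction of libsodium's pickparams(): r is fixed at 8, N is the
    largest power of two that fits the binding budget, p absorbs the rest."""
    r = 8
    opslimit = max(opslimit, 32768)
    cpu_bound = opslimit < memlimit // 32
    max_n = opslimit // (r * 4) if cpu_bound else memlimit // (r * 128)
    n = 1 << (max_n.bit_length() - 1)
    p = 1 if cpu_bound else min((opslimit // 4) // n, 0x3FFFFFFF) // r
    return n, r, p


def memory_bytes(n, r):
    """Working set scrypt must keep resident: 128 * N * r bytes."""
    return 128 * n * r


def derive_key(password, salt, opslimit=OPSLIMIT_INTERACTIVE,
               memlimit=MEMLIMIT_INTERACTIVE, dklen=32):
    """One scrypt pass at the given cost level (32-byte output by default)."""
    n, r, p = pick_params(opslimit, memlimit)
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=2 * memory_bytes(n, r), dklen=dklen)


def account_keys(password, second_password):
    """The 'twice' in the post: one key to locate the account packet, one to
    decrypt it. Cross-salting with a hash of the other secret is a demo
    assumption, not the real scheme."""
    locator = derive_key(password, hashlib.sha256(second_password).digest())
    decrypt = derive_key(second_password, hashlib.sha256(password).digest())
    return locator, decrypt


if __name__ == "__main__":
    for name, ops, mem in (("interactive", OPSLIMIT_INTERACTIVE, MEMLIMIT_INTERACTIVE),
                           ("sensitive", OPSLIMIT_SENSITIVE, MEMLIMIT_SENSITIVE)):
        n, r, p = pick_params(ops, mem)
        print(f"{name}: N=2^{n.bit_length() - 1} r={r} p={p}, {memory_bytes(n, r) >> 20} MiB")
    start = time.perf_counter()
    account_keys(b"correct horse battery", b"second secret")   # constructed inputs
    print(f"one login attempt (two interactive derivations): {time.perf_counter() - start:.2f}s")
```

The sensitive tier is only parameterised here, not run, because a single pass needs ~1 GiB of RAM; the printed timing is the per-guess cost a brute-forcer has to pay at the interactive setting.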