True statement, but the context is critical, too.

For example, at work, our ability to log in will lock out for 12 hours after three unsuccessful log in attempts. So, as far as keeping out someone trying to remotely connect to my work network and trying to guess my password, even a single, randomly chosen word (i.e. no particular association to me, like a hobby, pet name, etc. and isn't dumb like "password" or "asdf") is pretty much secure against that. An attacker is better off using some other method to get in.

Of course, if I'm worried about my encrypted copy of some unnamed high official's real birth certificate (I'm just joking) falling into the wrong hands, and an attacker can run a thousand keys a second against that file for weeks and months, then the reduction in entropy by using words certainly becomes very important.

Not saying that my home network has a copy of said document--if any high level, well connected parties are listening in...