Nothing Is Truly Secure

Passphrases are limited to alphabetical... maybe alphanumeric if you use l33tcode other techniques, or mix in symbols

But generally, "words" are bad. Phrases and words are generic and reproducible. There's only so many orientations of a word with different capitalizations or replacements. Words still have less computational complexity as a pattern compared to random characters, numbers, and symbols
In the realm of security, having any patterns of any kind introduce flaws / speed up brute forcing times
Now... in the real world... realistically, would anyone be brute forcing your passwords? Probably not... But if you wanna get technical about security, words are absolutely less secure
Imagine it like a word as a single symbol
or a word as a set of symbols (Given variations of capitalization)
You're intentionally making a shorter password, functionally.
You can see how that'd be problematic
But random letters and numbers (and even symbols if they're allowed) essentially make use of most / all of the theoretical computational complexity. They're "maximally entropic" I guess

It's no guarantee but it's the simplest way of being safe towards your passwords, given any specific length of characters .

Passwords/phrases are a balance of security, memorability and typability
With a given length, a password with mixed characters is (theoretically) a lot more secure, than a passphrase of equal length, because of dictionary attacks.
However, a string of completely random and unrelated characters is exponentially harder to remember and type out than a few words stringed together, so the person using random mixed characters is more likely to write the password down or use a password manager, usually a proprietary, cloud based one. Notes can be stolen and db dumping password managers leaks passwords is bulk.
Then there's usb passkeys, that are a physical item that can be stolen.
Lesson of the day:
Nothing is truly secure, so just use the thing you think is the most fit for the situation.