Aren't the 2048 rounds of HMAC-SHA-512 as PBKDF2 there to also make the derivation from the initial seed computationally expensive so that brute-forcing is rendered considerably slower?
It's certainly slow
er, but it definitely isn't slow and it definitely isn't considerably slower either. PBKDF2 is already pretty weak, and 2048 rounds is nothing. This is why tools like btcrecover can still check tens of thousand possible seed phrase combinations a second (even once you exclude those with an invalid checksum).
If you wanted actual protection against brute-force attacks, then you would need to up the iteration count to the millions or switch to an algorithm which is actually computational expensive. BIP39 survives without these things due to the initial entropy being at least 2
128, not because it is difficult to attack.