Instead of this:
for(n=1;n<=PIN;n++) {passphrase=sha256(passphrase+salt)}
I would do:
for (n=1; n<=PIN; n++) { passphrase = hmac_sha256(passphrase, PIN+salt) }
Or perhaps even:
key = '';
for (n=1; n<=PIN; n++) { key = hmac_sha256(key+passphrase, PIN+salt) }
And make the 2^16 scrypt iterations depend on PIN as well.
hmac_sha256 is stronger than just plain sha256, and mixing in the original passphrase every iteration (instead of just hashing the previous hash value) could avoid some loss of entropy.
GUI-wise I would initially only show the address, and hide the private key (WIF + QR) with a button "Show Private Key".
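Added example, not part of the post above or of the project's code: a toy measurement of the entropy-loss point, comparing the first loop (hash only the previous value) with the third loop (mix the passphrase back in every round). Assumptions: the state is truncated to 16 bits so collisions are observable, the salt and passphrases are constructed, `hmac_sha256(a, b)` is read as message `a` under key `b`, and `PIN+salt` is the decimal PIN followed by the salt.

```python
import hashlib
import hmac

TRUNC = 2                    # bytes kept per round: toy 16-bit state (assumption)
SALT = b"constructed-salt"   # constructed sample value


def chained(passphrase: bytes, pin: int) -> bytes:
    """First loop in the post: each round hashes only the previous value."""
    state = passphrase
    for _ in range(pin):
        state = hashlib.sha256(state + SALT).digest()[:TRUNC]
    return state


def mixed(passphrase: bytes, pin: int) -> bytes:
    """Third loop in the post: the passphrase is re-injected every round."""
    mac_key = str(pin).encode() + SALT   # "PIN+salt" (encoding is an assumption)
    key = b""
    for _ in range(pin):
        key = hmac.digest(mac_key, key + passphrase, "sha256")[:TRUNC]
    return key


def distinct_outputs(kdf, pin: int, count: int = 4096) -> int:
    """Number of different final keys produced by `count` different passphrases."""
    passphrases = (f"passphrase-{i}".encode() for i in range(count))
    return len({kdf(p, pin) for p in passphrases})


if __name__ == "__main__":
    # Columns: PIN, distinct keys (chained), distinct keys (mixed)
    for pin in (1, 10, 200):
        print(pin, distinct_outputs(chained, pin), distinct_outputs(mixed, pin))
```

In the chained loop two passphrases that collide once stay merged for every later round, so the count of distinct keys can only fall as PIN grows; in the mixed loop a collision in one round does not carry over to the next.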