I thought having a complex and deep derivation path may add the 3rd layer (1st layer being good entropy, 2nd layer being a good passphrase) of protection from funds being stolen. And apparently, I seemed to be very wrong.
You're not wrong. Having a deep and complex derivation path does add additional difficulty for an attacker. Derivation paths can be up to 255 levels, and each level can have any value between 0 and 2^32 (2^31 for unhardened paths and 2^31 for hardened paths). This allows for a huge number of possibilities, a number which is many orders of magnitude higher than the number of possible seed phrases or possible private keys. If I told you my 12 word seed phrase, but had hidden coins on a derivation path along the lines of the code I've given below, I can be relatively certain you will never find them.
face chef napkin quick logic bottom panda symptom devote torch script pioneer sniff spray spray
m/345354933'/356031280'/252932887/1347505127/351115139'/1677270943'/1067497044/88310333'/1236917726/168863012'/1486189243/889669617'/874958513'/1697843361'/807359198/1297439610/2048655698/1237654270/1899547945'/598497816/690677434'/789120427/1705407426/1711201892'/1859714494'/1427499750'/684739053/1159864119/287196434/1850139717'/1225218744/982589830'/667332022/938488273/689387253'/739528954'/890376207'/2064198005'/1403645991/245910409/1988417'/1786139031'/1635078370/810481855'/1227817942/1230030854/1670099597'/170811987/27337552'/1488942210/259376689'/1308219396'/1922696310/1962600203/287197218'/1017886553'/1398017907'/1389687277/776021328'/2098291377'/1689353412/661821084'/528591856/141123332/1369290193'/392184845/2089963707'/1720777275/1814027200/1826237966'/1106050564/2030630508'/1629367557/1161659757'/990535187'/1103073575'/1344654688/915472460'/639137958/157803872'/1944781511/4152626'/1767706254'/230451587/1049454063'/1955099799'/1616495657'/480757815/1329513657/600689227'/870683146/1932171054'/1665227915/1457438043/1694207749'/875589181'/46812638
However, look at that number above. Compare it to the seed phrase given above. How easy do you think that number is to back up? How easy would it be to make a mistake while backing that up? There is no checksum, and no possibility to brute force or figure out a mistake. So a single missed digit, a single 1 read as a 7 or a 0 read as an 8, a single extra ' or extra number, and so on, will mean your coins are permanently and irretrievably lost. The risk of doing something like this is incredibly high and simply not worth it when there are better methods available.
If you are envisaging a scenario where both your seed phrase and passphrase have been stolen by an attacker, then your time would be much better spent figuring out better ways to secure your backups of these things. If you want yet more layers of security on top of that, then you should use a multi-sig approach.
Incidentally, the address generated from the above would be bc1q690uf3jhzm7sjrhavdckk4jr44wxfy779gnuq8
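
The missing-checksum point above, as an added example that is not part of the original post: a small parser for BIP32 path text that counts how many single-character copying mistakes still produce a well-formed, different path. The function names are hypothetical, no keys are derived, and the sample is the first three levels of the path quoted in the post.

```python
HARDENED = 1 << 31   # BIP32: hardened child indices start at 2^31
MAX_DEPTH = 255      # depth is a single byte in BIP32 key serialization

def parse_path(path):
    """Return the 32-bit child indices for a path such as m/44'/0'/0."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start with 'm'")
    levels = parts[1:]
    if len(levels) > MAX_DEPTH:
        raise ValueError("more than 255 levels")
    indices = []
    for level in levels:
        hardened = level.endswith("'")
        digits = level[:-1] if hardened else level
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"bad level {level!r}")
        n = int(digits)
        if n >= HARDENED:
            raise ValueError(f"index {n} out of range")
        indices.append(n + HARDENED if hardened else n)
    return indices

def is_valid(path):
    try:
        parse_path(path)
        return True
    except ValueError:
        return False

def one_char_typos(path):
    """Every path made by swapping one digit or adding/dropping one ' marker."""
    out = set()
    for i, ch in enumerate(path):
        if ch.isdigit():
            out.update(path[:i] + d + path[i + 1:] for d in "0123456789" if d != ch)
            if i + 1 == len(path) or path[i + 1] == "/":
                out.add(path[:i + 1] + "'" + path[i + 1:])  # marker added by mistake
        elif ch == "'":
            out.add(path[:i] + path[i + 1:])                # marker dropped by mistake
    return out

def undetectable_typos(path):
    """Typos that still parse cleanly but point at a different derivation path."""
    original = parse_path(path)
    return [t for t in one_char_typos(path) if is_valid(t) and parse_path(t) != original]

SAMPLE = "m/345354933'/356031280'/252932887"  # first three levels of the quoted path
```

For `SAMPLE`, every one of the generated typos passes validation, so nothing in the path format itself can flag a miscopied backup.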