Most of the vulnerability of brainwallet came from using a single round of a simple hash (SHA256) and lack of (suggested) salt, which made brute-force & dictionary attacks very cheap.
Using a more complex hash and some basic, easy to remember, globally unique salt, the vulnerability is greatly reduced. WarpWallet does something like that, and attacks like brainflayer are greatly mitigated, since they not only need to perform more complex hashes (at a much lower rate than vs a single SHA256 round), but the attack also has to be targeted to the salt (like a globally unique email address), and the hashing cannot be reused for other salts.
Just the complex hash already makes it hard, the 8 alphanumeric warpwallet challenge still has not been solved, with a single SHA256 round, it would probably have been solved within a day.
(that said, using billions of rounds of sha256 should work just as fine as using scrypt, and could be more future-proof, since SHA256 asic performance has plateau'ed, while scrypt-asic have huge future improvement potentials, it's always possible there will be SHA256 breakthrough, but IMHO Scrypt breakthroughs are more likely)