For all current wallets, the password to unlock and the password to view private phrases are the same.
If a phishing site monitors the user’s keyboard events after a click, the wallet is locked when the user authorises it, and when the user enters the wallet’s unlock password, it is the same as the user’s password for viewing the private phrase being compromised.
Reverse the unlock code to view the user’s private phrase.
Is it possible to consider separating the password for unlocking the wallet from the password for viewing private phrase? This way, the unlock password is different from the private phrase password, which is relatively more secure.