Hacker News

Or any slightly obscure memorable phrase. e.g. mycatmiffylikesbiscuits or tallspeakerswithoutafaceplaterattle or emptyhandlebeerglasshasfoam ...



No. The key word in the comment you replied to was "random". "mycatmiffylikesbiscuits" is a pretty terrible password.


How so? Assuming about 100,000 common words in the English language, with a five word phrase aren't you talking about 10000000000000000000000000 combinations for a dictionary attack to churn through? Even if you narrow it down to phrases that make grammatical sense (which certainly isn't a trivial thing to do algorithmically), you're still talking pretty astronomical numbers, and that doesn't account for the large increase in the corpus that would be needed for an attack that could include a name like "miffy" in its attempts.


But if the attacker knew with good probability that your passphrase is a valid sentence, they'd have ways to eliminate incorrect sentences, and so reduce the search space a bit (or a bit more, depending on how clever they are).


Have you ever used SwiftKey or Swype on Android? Vaguely the same principles apply here. It actually wouldn't be hard to generate passphrases where you try the most "predictable" phrases first. E.g. if you start your brute-forcing at "my cat" you would try "my cat likes" a long time before you tried "my cat algorithmically".

Also, 100,000 common words is a bit more than you would need. If people are plucking words from their heads, rather than rolling dice and picking from a list, you can assume a more limited corpus and still crack a lot of passwords.


Nobody starts brute forcing at "mycat." Even if they somehow knew that's how it started, that barely helps them. They don't know how many other words there are, or what the next one is. Simply because it is more likely to be "my cat likes" does not mean it is now feasible to crack. Without social engineering, that password is not crackable for all practical purposes and is far from a terrible password.


No, but we're talking about brute forcing billions of attempts per second, and we're not up against randomness, we're up against "the best pseudorandomness the human brain can muster", so the odds aren't 1 / <number of possibilities>. A password is severely weakened if it isn't sufficiently random.
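To put numbers on the two positions above (the 100,000-word, five-word estimate a few comments up, and the "billions of attempts per second against something less than random" point in this reply), here is a small passphrase-strength calculator. It is an added illustration, not code from anyone in the thread. The guess rates, corpus sizes and the "predictable next word" branching factor are assumptions chosen to show the shape of the argument, not measurements.

```python
import math

# Assumed guess rates (illustrative, not measured):
OFFLINE_RATE = 1e9   # attacker holds a leaked hash and guesses offline, ~1e9/s
ONLINE_RATE = 10.0   # throttled login form on a web site, ~10/s

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def combinations(corpus_size: int, words: int) -> int:
    """Distinct phrases when every word is drawn uniformly from corpus_size words."""
    return corpus_size ** words


def entropy_bits(corpus_size: int, words: int) -> float:
    """Entropy in bits for a phrase of `words` words drawn uniformly and independently."""
    return words * math.log2(corpus_size)


def combinations_with_prediction(corpus_size: int, words: int, branching: int) -> int:
    """Phrases an attacker must try if the first word is open but each later word is
    one of `branching` likely continuations (the SwiftKey-style argument).
    `branching` is an assumed modelling parameter, not a measured figure."""
    return corpus_size * branching ** (words - 1)


def seconds_to_exhaust(search_space: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return search_space / rate


def scenario(name: str, search_space: int) -> dict:
    """Summarise one assumption set: size, bits, and worst-case time at both rates."""
    return {
        "name": name,
        "search_space": search_space,
        "bits": math.log2(search_space),
        "offline_years": seconds_to_exhaust(search_space, OFFLINE_RATE) / SECONDS_PER_YEAR,
        "online_years": seconds_to_exhaust(search_space, ONLINE_RATE) / SECONDS_PER_YEAR,
    }


def all_scenarios() -> list:
    """Three assumption sets, from the thread's optimistic one to the pessimistic one."""
    return [
        # The figure from the thread: 100,000 words, five of them, chosen uniformly.
        scenario("uniform, 100k words x 5", combinations(100_000, 5)),
        # Human-chosen words from a smaller everyday vocabulary (assumed 2,000 words), four of them.
        scenario("uniform, 2k words x 4", combinations(2_000, 4)),
        # Same 2,000-word corpus, but each word after the first is one of 10 likely
        # continuations (assumed branching factor for a predictive model).
        scenario("predictable, 2k words x 4, branching 10", combinations_with_prediction(2_000, 4, 10)),
    ]


if __name__ == "__main__":
    for s in all_scenarios():
        print(f"{s['name']:<42} {s['bits']:6.1f} bits  "
              f"offline: {s['offline_years']:.2e} yr  online: {s['online_years']:.2e} yr")
```

The first row reproduces the 10^25 figure (about 83 bits): uniformly chosen words from a large list are out of reach even offline. The second and third rows show what "not sufficiently random" costs: a small everyday vocabulary drops the space to roughly 1.6 x 10^13, and if an attacker can further model the phrase as likely word sequences, the space collapses to the order of 10^6 guesses, which is trivial offline. Rolling dice against a fixed word list keeps you in the first row; choosing a sentence from your head moves you toward the third.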


What WordPress site can accept billions of login attempts per second?


",uvsy,oggu;olrdnodvioyd" is not terrible though. If you see what I did there.





